Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Big Companies Can Hamper the Surveillance Infrastructure

timothy posted about 8 months ago | from the little-friction-here-little-friction-there dept.

Privacy 153

Trailrunner7 writes "Buried underneath the ever-growing pile of information about the mass surveillance methods of the NSA is a small but significant undercurrent of change that's being driven by the anger and resentment of the large tech companies that the agency has used as tools in its collection programs. The changes have been happening since almost the minute the first documents began leaking out of Fort Meade in June. When the NSA's PRISM program was revealed this summer, it implicated some of the larger companies in the industry as apparently willing partners in a system that gave the agency 'direct access' to their servers. Officials at Google, Yahoo and others quickly denied that this was the case, saying they knew of no such program and didn't provide access to their servers to anyone and only complied with court orders. More recent revelations have shown that the NSA has been tapping the links between the data centers run by Google and Yahoo, links that were unencrypted. That revelation led a pair of Google security engineers to post some rather emphatic thoughts on the NSA's infiltration of their networks. It also spurred Google to accelerate projects to encrypt the data flowing between its data centers. These are some of the clearer signs yet that these companies have reached a point where they're no longer willing to be participants, witting or otherwise, in the NSA's surveillance programs."

cancel ×

153 comments

Its all Fun and games (0, Offtopic)

Anonymous Coward | about 8 months ago | (#45445209)

Until Larry and Sergy get sat down and given the "your a grown up now stop acting like a sub " - should have hired some real adult supervision instead of "creepy uncle" Eric

Re: Its all Fun and games (1)

Mabhatter (126906) | about 8 months ago | (#45446885)

Totally agree. A few 3am visits from the NSA, IRS, & friends will get those pesky kids back into the fold quickly.

The NSA has been operating with "the key under the mat" and an "attaboy" to the big CEOs involved, they even throw them some honest business. Cross the NSA and they send somebody to harass the CEOs directly... Company policy changes pretty quickly... The "key under the mat" becomes a more overt "moving in" on your turf.

Outsource freedom (4, Insightful)

Anonymous Coward | about 8 months ago | (#45445235)

If you want large companies to not perform surveillance, move them to a country where the government cant secretly compel them to do what every they want.

Due to US cryptography export restrictions, its likely easier to actually provide some security if you leave the US too.

Outsource freedom: because losing the jobs isn't enough anymore.

Re:Outsource freedom (2)

erikkemperman (252014) | about 8 months ago | (#45447145)

If you want large companies to not perform surveillance, move them to a country where the government cant secretly compel them to do what every they want.

There was a story recently on /. about Switzerland wanting to become such an alternative. They've had some of the strictest privacy policies for a long, long time. For the wrong reasons of course (it is basically what allowed their secret banking sector to attract untold billions from tax dodgers and worse) but who knows, maybe that is actually a decent idea.

My hope is that, I've said it before, when this whole Stasi fetish starts to really hit the bottom line of some big campaign contributors, perhaps their influence might succeed where public outrage largely failed to materialize (and what there is of it can easily be ignored).

Re:Outsource freedom (0)

Anonymous Coward | about 8 months ago | (#45447155)

The problem with this is moving the company beyond the reach of the government would remove them from any sane laws regarding what the company can or cannot do, such as spying on everyone anyway. And before someone trots out the line about governments are worse because they can ruin your lives, companies will just monetize the data, guess who one of the parties willing to buy that data would be? That's right, governments. They just have to name a high enough price.

Or, you know, because they're governments they could just send in spies to compromise the company regardless of where it is. I figure whichever of these is more expensive is the option government will take, in which case they'll do both.

Wrong question (0)

Anonymous Coward | about 8 months ago | (#45445269)

This is not a technological problem, technology is (as far as we know) robust if implemented properly. The question is are they willing to implement it, and are they allowed to disobey.

Re:Wrong question (4, Insightful)

icebike (68054) | about 8 months ago | (#45445879)

Disobey WHAT?

Taping into data links between corporate data centers was not done with a warrant or a court order.
There is nothing to Obey. It was simply unreasonable search and seizure.

Re:Wrong question (0)

LifesABeach (234436) | about 8 months ago | (#45446691)

I think it to be more simple than that, businesses were allowed to do anything they wanted, for example Microsoft when it was convicted of lying, cheating, and stealing. And that its breakup was on the table. In steps in the some pin headed republican in charge, and Microsoft walks. Which businesses prospered before 2008? Those are the ones that had access to raw data from the net, and any computer tied to it. And who made billions drainging America's wealth?

Re:Wrong question (1)

icebike (68054) | about 8 months ago | (#45446839)

businesses were allowed to do anything they wanted, for example Microsoft when it was convicted of lying, cheating, and stealing.

Must be Tough trying to make a point when you contradict yourself in the first sentence.

Re:Wrong question (1)

Johann Lau (1040920) | about 8 months ago | (#45447063)

Maybe read on.

Re:Wrong question (0)

Anonymous Coward | about 8 months ago | (#45447157)

"were" could imply a change of policy. before they could do as they pleased and then something changed.

Or the more cynical version, even when convicted of lying cheating and stealing, the punishment was a light tap on the wrist.It's as if they could do anything they want with little consequence.

Must be tough trolling on the internet when English is not your first language.

They should be much more paranoid. (5, Interesting)

ameline (771895) | about 8 months ago | (#45445271)

They aren't getting *nearly* paranoid enough. They should be encrypting the data on disk, on network connections between machines in the *same* data center, not just between centers. In fact the data should remain encrypted at all times unless absolutely necessary to have in clear-text to process it -- and that should never leave the CPU. It should remain clear-text only for the absolutely minimum time required.

They should assume that hostile agencies (foreign *and* domestic) have tapped every last network link they own. As well as most routers and processing machines. They should also assume that some small percentage of their workforce are working on behalf of one of these adversaries. Given these assumptions they should design a system that can remain as secure as possible given these circumstances.

Merely encrypting the network links between their data centers is not nearly enough to thwart the likes of the NSA, CSEC, GCHQ or other nameless agencies.

Re:They should be much more paranoid. (2, Insightful)

Anonymous Coward | about 8 months ago | (#45445301)

Oh come on, you expect them to drastically increase costs to encrypt everything everywhere and thus make every machine that works with the data have decryption keys? Sure, adding layers of encryption does not hurt, but it does not help much, and its expensive.

If you want your data protected that badly, perhaps you should not trust/expect someone else to do expensive things that you have no way to verify are done properly. And regardless, none of that helps if the NSA asks for the data.

If you want your data protected, don't give it to random corporations, especially those in the US which are routinely compelled to hand over such data. Keep your data yourself if its kept at all. Encrypt it yourself, store your keys yourself, and be wary of side channel attacks.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45445337)

No corporation should be competing against a significant portion of the GDP. If they get that big and effective, we've got huge problems on our hands.
The problem of spying and lack of trustworthiness is a political one, not a technical one.
It can be solved locally, technically and efficiently. Choose two.

Re:They should be much more paranoid. (4, Informative)

0123456 (636235) | about 8 months ago | (#45445681)

Oh come on, you expect them to drastically increase costs to encrypt everything everywhere and thus make every machine that works with the data have decryption keys?

Setting up IPSEC tunnels between the machines is easy[*], and pretty close to free. Encrypting the drives should also be pretty much trivial, though not necessarily much help if the attacker already has access to the machine.

[*] - as in, once you've spent days working out how to configure that monstrosity the first time, you can set it up easily on any other machines.

Re:They should be much more paranoid. (1)

erikkemperman (252014) | about 8 months ago | (#45447169)

Homomorphic encryption [wikipedia.org] might work for some applications. Still I'm always going to expect NSA et al, depriving academia as they do of some of the best an brightest in the relevant fields of math and CS, to subvert that approach as well.

Re:They should be much more paranoid. (1)

SuricouRaven (1897204) | about 8 months ago | (#45445307)

But then how would they handle key management?

Re:They should be much more paranoid. (1)

ameline (771895) | about 8 months ago | (#45445473)

An excellent question -- and not one I have an answer to.

I think that perhaps they should get Bruce Schneier to help design their systems for them.

Re:They should be much more paranoid. (3, Insightful)

Mitreya (579078) | about 8 months ago | (#45445347)

They should assume that hostile agencies (foreign *and* domestic) have tapped every last network link they own.

I am sure they knew all along. They were fine with it

Everyone is making noise now, because it became public and there is some concern over backlash from the users.

Re:They should be much more paranoid. (4, Insightful)

Silentknyght (1042778) | about 8 months ago | (#45445883)

They should assume that hostile agencies (foreign *and* domestic) have tapped every last network link they own.

I am sure they knew all along. They were fine with it

Everyone is making noise now, because it became public and there is some concern over backlash from the users.

Let's be honest here. "They" in these cases are companies staffed by 1,000's of people. It seems highly implausible that all of those people, or even just all of the 100's that matter with respect to IT & infrastructure security, would have "known it all along," even less so been "fine with it." I find it more likely that the outrage is 99+% genuine, with 1% reserved for the dozen or fewer people who would have actually (or theoretically, if it's just a conspiracy theory) been in the know on something this big.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45447307)

The 0.1% who should have made the decision to encrypt (corporate security and senior management) knew exactly what was going on. But these people are SURE AS HELL in collusion with the banksters who run the western world. And they want to be safe from the plebs. That means 100% surveillance of the plebs by NSA, so that banksters can continue their crimes undisturbed. At least, that is the reasoning of corporate security and senior management at Google/M$/Yahoo/Facebook/WhatsApp/Twitter.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45446163)

Does anyone bother to ask themselves how many other possible (yet to be publicly known) agencies are part of the US governments spying network, and that these companies are still openly cooperating with some branch of the spying network, at least till someone blows these agencies into the public's eye.

For me I would think it is pretty naive to think the NSA is the only large spying agency in a very large US spying network. And I would even dare to keep a thought in the back of my mind that the NSA is being used as a decoy to keep the public and the shit for brains media/press from reporting what else the US government has hiding away.

Again Snowdens bullshit, isn't anything the world and a few people already knew or figured out. He has yet to release anything that exposes the full extent of the US's spying network. They report on one agency that (again) some people already knew about as well as finding out that closed hardware/software companies are openly and willingly putting back doors into there equipment, or making up some PR crap that the NSA "tapped" there lines as if server makers hadn't thought about this and put in the proper warning systems in, IE Russia or China tapping the systems... (obviously finding people in the US willing to tap the lines)

Re:They should be much more paranoid. (1)

swillden (191260) | about 8 months ago | (#45446731)

Does anyone bother to ask themselves how many other possible (yet to be publicly known) agencies are part of the US governments spying network, and that these companies are still openly cooperating with some branch of the spying network, at least till someone blows these agencies into the public's eye.

Google has flatly denied any such cooperation with anyone. Why would you believe Google is telling the truth about the NSA, but not about others?

Re:They should be much more paranoid. (2)

erikkemperman (252014) | about 8 months ago | (#45447185)

Again Snowdens bullshit, isn't anything the world and a few people already knew or figured out. He has yet to release anything that exposes the full extent of the US's spying network

Yeah I remember when we used to have stories about a Echelon and Carnivore etc. The apologists would usually show up with charges of "conspiracy theory" and basically paint those of us who worried about this in the past as paranoid crackpots.

Since Snowden this is no longer possible (although some predictably still attempt it). Big difference.

Re:They should be much more paranoid. (1)

Bite The Pillow (3087109) | about 8 months ago | (#45447079)

Sure based on what? Your anti-corporate bias? Internal knowledge? Things you decided not to cite?
You are the epitome of disillusioned doogoders everywhere. Where a single failure lies, all others are equally damned.
Business makes bad decisions, this is true. Business rarely makes the same bad decision.
As with any rule, follow the money. If big business hands over your data, and Snowden reveals it, you have big money coming at you.
Your homework: who would risk that, and what is the minimum payoff to make it boost the bottom line?

Re:They should be much more paranoid. (1)

Aighearach (97333) | about 8 months ago | (#45445353)

Those new open switches are going to really help companies set that stuff up! The future of network security is getting clearer. It probably isn't needed to encrypt all the disks if you have good enough network security. Obviously that depends on the data, and that calculation has changed. It is probably worth having cameras on your racks for physical security, though.

Re:They should be much more paranoid. (1)

kermidge (2221646) | about 8 months ago | (#45446397)

"...having cameras on your racks..."

I thought that was what the porn sites were for.

So, ok, who watches the cameras? How do you vet them? Oh - have an algorithm do the watching? Ok, fine. How do you write a routine that can tell a good guy from a bad guy? How do you vet his identity? Use a badge that can be switched? Well, that can be avoided by using a password pill, I guess. But still, who's good and bad? Ah, catch the keystrokes and distinguish between proper maintenance and improper access. That might do it, right? Next...

So, machines watching machines and humans watching the watching machines. Set that up, please.

Please note, I'm not saying that the need might not be there. Saying only that it might well be non-trivial to deal with it.

Re:They should be much more paranoid. (0)

ShanghaiBill (739463) | about 8 months ago | (#45445421)

They should assume that hostile agencies (foreign *and* domestic) have tapped every last network link they own.

They should also assume that some of their own employees are moles.

Re:They should be much more paranoid. (0)

ameline (771895) | about 8 months ago | (#45445455)

| They should also assume that some of their own employees are moles.

I mention that they should assume that.

Re:They should be much more paranoid. (1)

rmdingler (1955220) | about 8 months ago | (#45446065)

You have either shown incredible restraint or implied megahours of devotion to /. with your reluctance to meme RTFS. Not above a subtle "Told you So"' though... no one's perfect.

Re:They should be much more paranoid. (1)

sk999 (846068) | about 8 months ago | (#45445461)

"They should be encrypting the data on disk, on network connections ..."

Let's see how that paranoia thing works in practice.

"Microsoft's Azure service hit by expired SSL certificate"
http://www.computerworld.com/s/article/9237076/Microsoft_39_s_Azure_service_hit_by_expired_SSL_certificate [computerworld.com]

Hmm, needs more work.

Re:They should be much more paranoid. (1)

Pav (4298) | about 8 months ago | (#45445579)

Yes... every increase in complexity causes problems, and security is a feature that at best is imperceptible to the end user, and often changes the user experience for the worse. Also you're never sure if it's good enough - at best you discover a compromise when your bank account gets drained, and at worst... well... today whole societies can be subtly subverted for the worse while remaining completely ignorant. Still, suddenly everyone is aware it's important.

Re:They should be much more paranoid. (0, Offtopic)

jdogalt (961241) | about 8 months ago | (#45445531)

My older brother is a VP-Eng at Google (maps). I can assure you that the whole thing is utterly corrupt. The day after active duty U.S. Navy Information Warfare Officer Dave Schroeder posted publicly here that he thought my GoogleFiber "Right To Serve" Manifesto[1] was "very good" and that he agreed with everything I wrote about the core net neutrality argument, my brother finally said he agreed with some part of my arguments. To this day he has never clarified which part, though still asserts that I should have gone about my complaint in "the better way", namely submitting myself subserviantly to the Google technocratic leaderships opinion. The fact of the matter is, IMHO, that being able to host server/s on your residential internet connection, and being able to expect the user/customer base of all "internet service" to have the same basic right, is a key aspect of reclaiming our informational privacy and security on the internet. No, it's not bulletproof, but it's the foundation with which to have a fighting chance. I personally wish the EFF would get some guts and go further in their call. The fact of the matter is that I am right about my Net Neutrality argument, though certainly resolved to believe that after the forthcoming verizon ruling, that is not legally likely going to be relevant. But I think to reclaim our ability to use the internet, rather than being used by it, we need to demand that hosting servers that control our own data, is something everyone ought to be able to do from home. And in order for the residential server software market to thrive, there can't be arbitrary bullshit raqueteering loopholes like Google's new "no-commercial-servers-allowed" activity. I mean, why the fuck is it ok for residential users to commercially profit on transactions with a 3rd party like ebay, but not if they independently run their own LAMP stack and accept payment by check via USPS? I mean seriously, what the fuck?!?

[1] http://cloudsession.com/dawg/downloads/misc/kag-draft-2k121024.pdf [cloudsession.com]
http://www.provobuzz.com/google-fiber-now-allows-home-servers/ [provobuzz.com]
http://www.wired.com/threatlevel/2013/07/google-neutrality/ [wired.com]
https://www.eff.org/deeplinks/2013/08/google-fiber-continues-awful-isp-tradition-banning-servers [eff.org]
http://www.mcclatchydc.com/2013/08/01/198327/googles-call-for-open-internet.html [mcclatchydc.com]

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45445765)

to whomever downmodded my post to -1 offtopic, I strongly disagree. I was responding to a post titled "they should be more paranoid". I spent a week in person arguing the points with my brother, and later publicly with US-NIWO Dave Schroeder. All of this long before Snowden. The leadership of Google was either willfully ignorant (should have been more paranoid as parent comment asserts), or co-conspirators with the NSA and CIA traitors. The fact that my brother got his in to Google working for a company that was effectively bailed out by the CIA (In-Q-Tel), contributes to my picture of things (I was working at the same company, though left very shortly after that CIA 'bailout'.) Seriously, go look up the US-NIWO post on slashdot, especially his final response that I never replied to, because it was so clearly ignorant or disingenous (now demonstrably so post-Snowden). The people in positions of power in the technocracy, such as my brother, and Dave Schroeder, are either misleading us due to corruption or arrogance, or allowing themselves to be misled for the same reasons. I'm sure they are too busy enjoying their high incomes to be troubled by how they are selling us all out into neo-Kompromat subserviance.

Re:They should be much more paranoid. (1)

Zontar The Mindless (9002) | about 8 months ago | (#45447107)

ProTip: Learn to use paragraph breaks and to avoid sentences of excessive length.

When you ramble, people's eyes glaze over, and they tag you Off-Topic out of annoyance..

Re:They should be much more paranoid. (2)

akozakie (633875) | about 8 months ago | (#45445621)

Assuming they want to thwart them, not just show that they are trying.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45445631)

but if they are asked for the keys, they will give them for fear of going to jail, don't you think?

Re:They should be much more paranoid. (1)

phamkhang993 (3434733) | about 8 months ago | (#45445685)

camera dong nai [cameradongnai24h.com]

Re:They should be much more paranoid. (1)

mlts (1038732) | about 8 months ago | (#45445911)

Encrypting is useful, but then comes the very nasty thing that comes with it: Key management.

Key management is something people fail to think about after the "Encrypt it, encrypt it now!" statement is implemented. How are keys stored, who has access to them. You have to sail your way between the Scylla of having keys obtainable by the bad guys, versus the Charybdis of a disaster causing all data to be forever inaccessible.

Of course, there are plenty of guys who will sell you an encryption appliance that supposedly will handle all this for you. But upon asking, the only way to back up the appliance is to install another appliance... and the only way to back that up. Yep, you guessed it, yet another appliance for replication.

Take backup media for instance. You can buy exotic tools to lock it down many ways. Or, you can set a password via Diceware, have it in a physical notebook with multiple copies (tape safe, offsite), and every year or two, change to a new one while keeping the old one for new tapes. It may not be as snazzy as encrypting each piece of media with its own key, but it provides virtually the same security.

Or another item are LUNs from a SAN. Yes, you can encrypt them, but what happens if/when the host machine goes down... where are the backup keys so the machine can be rebuilt?

Oh, the CA keys. Are they stashed in an armored HSM, or just generated/signed/used on some machine that can be compromised by just walking to it?

All important things to consider.

Key management is tough (1)

sjbe (173966) | about 8 months ago | (#45446025)

Encrypting is useful, but then comes the very nasty thing that comes with it: Key management.

This hits the nail right on the head. Encrypting is an important thing to do but if they hand over the keys (intentionally or not) then all the encryption in the world means nothing. And frankly key management is the most difficult piece of the puzzle because of the human factor. Only one person has to be compromised and all your encryption is for naught. Furthermore under our current legal framework with national security letters, people can probably be compelled to hand over encryption keys and risk jail time if they speak up about it to anyone.

Re:They should be much more paranoid. (4, Interesting)

swillden (191260) | about 8 months ago | (#45446763)

Encrypting is useful, but then comes the very nasty thing that comes with it: Key management.

Google has an outstanding key management infrastructure. That problem was actually already thoroughly solved a while ago. Actually, it's pretty well-solved outside of Google as well, for point-to-point links within an enterprise. Kerberos (though Google's solution is more robust than Kerberos).

Oh, the CA keys. Are they stashed in an armored HSM

Google has a great answer there, too. I wish I could share it.

Re:They should be much more paranoid. (1)

mlts (1038732) | about 8 months ago | (#45447093)

Google is to be respected there. In the past, I've encountered many businesses that, at best, provide lip service, at worst, have nothing whatsoever.

Almost every business should have some form of key management solution in place, even if it is a printed out piece of paper with all the BitLocker recovery codes stashed in a couple safe deposit boxes. Of course, if some antagonist is big enough, a safe deposit box can be frozen or seized, so for some organizations, that isn't a wise idea.

I just wish USB cryptographic tokens were more widespread. There were some out of Germany that would work with gpg, but they are sold out, and no clue when they might start production again. For example, having tokens in the hands of corporate officers (including the CIO and CTO) then having a tarball of all the other critical keys stored with the corporate data would be an idea. If one of the tokens is still usable, the rest of the key infrastructure would be recoverable, although if one of the tokens gets lost or stolen, the damage would be enormous. One can go with share split systems (e.g. 3 out of 5 keys needed) to help mitigate that.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45446145)

Maybe just marginal encryption?

Then detect the illegal copying (RIAA and MPAA are developing all sorts of methods for this) and sue the hell out of a few congressmen - personally - for their part in being a party to downloading copyrighted content as well as bypassing locks.

Congress was lobbied to pass all this copyright and IP law. Might as well put it to good use. We all pledged allegiance to the flag in return for justice for all. What's fair for the goose is good for the gander. Can anyone in Government sleep in the bed they just made?

Re:They should be much more paranoid. (4, Interesting)

swillden (191260) | about 8 months ago | (#45446721)

Dude, I really wish I could give you a point by point response. Actually, I typed one out, and then realized that I went too far. I personally think Google is making a big mistake by not being more open about its security policies, procedures and technologies -- because they're awesome -- but the fact is that a lot of it is confidential, and I like my job.

What I will tell you is this: Google's general solution to cross-DC traffic wasn't to add link-level encryption to the cross-DC links, and there is so much cross-DC traffic that it would be a nightmare to try to identify the cross-DC connections and encrypt just them. Further, stuff gets shifted around between DCs a lot, so any such solution would be beyond brittle. I'll let you extrapolate from there.

The other thing I'll say is just to give you a testimonial of sorts. You take it with however much salt you want... and I guarantee I'm going to get a bunch of foul-mouthed ACs (and maybe even non-anonymous cowards) calling me all sorts of variations of "liar". Whatever.

I was an IBM security consultant for many years. I spent a lot of time working in the bowels of the security infrastructure of a lot of big companies, and even some governmental organizations -- including some military organizations. I was also a security policeman in the US Air Force in a previous life (long story), so I have a pretty solid grounding in physical security, not just infosec. One of my degrees is in mathematics, and I was fascinated with cryptography from an early age, so much of my independent study during my degree was around crypto, and I continued my self-education and practical education afterward (which is how I ended up as a security consultant).

My point? I know more than a little about security, and I've seen a lot of what passes for security in both government and industry, including in organizations that handle a lot of sensitive data and really should know how to secure it.

Google is better at it than any of them. Head and shoulders.

Perfect? No. Nothing is perfect. But Google has world-class security talent, a lot of it, and Google's engineers have always cared a lot about security... and are now angry as well.

Anyway, take that for whatever you want, but it's my absolutely honest opinion. Google can do a hell of a lot to obstruct the NSA's illicit snooping, and intends to do everything feasible.

(Disclaimer: I work for Google, but I don't speak for them and they don't speak for me.)

Re:They should be much more paranoid. (1)

ameline (771895) | about 8 months ago | (#45446875)

I'm very happy to hear that they aren't just encrypting cross DC links. I always suspected Google had world-class talent in this area -- I'm glad to have it confirmed. It's good that google's security people are aware and upset about the taping.

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45447133)

I hope Google can make some efforts towards publicly available security tech.

Re:They should be much more paranoid. (-1)

Anonymous Coward | about 8 months ago | (#45447329)

Ahh, now comes the $hill-paid-by-bankster.

Man, what do you think you defended at USAF ? Only the New York Bankster and his Zionist relatives ? Or was it "the American people" ? Your post epitomizes what's wrong with America and the West in general: Government, military (including NSA) and private security is 100% corrupted by MONEY.

And we are supposed to believe any of your rantings ? You are a Gun For Hire. The American people mean NOTHING to you.

Re:They should be much more paranoid. (1)

hlavac (914630) | about 8 months ago | (#45447357)

The problem is not technical, it's legal. As long as there are the national security letters and secret courts ordering people to hand over keys and shut up about it there can be no security. All they have to do is extort one individual with access to the keys...

Re:They should be much more paranoid. (0)

Anonymous Coward | about 8 months ago | (#45447295)

You should run an RPI-based server in your basement instead of being a lazy a$$.

We helped you, and now you shun us? (0, Flamebait)

Joining Yet Again (2992179) | about 8 months ago | (#45445291)

These are some of the clearer signs yet that these companies have reached a point where they're no longer willing to be participants

Or, before they were willing to hide their complicity, but now they're willing to both hide it and lie loudly about it.

Hypocritical Google engineers probably wouldn't have their job if their company hadn't been so compliant, as Google wouldn't have grown to the behemoth it is today.

Re:We helped you, and now you shun us? (0)

Anonymous Coward | about 8 months ago | (#45445607)

Just because the Google engineers disagree with Google being compliant doesn't mean they're hypocritical. Some would likely be happy for Google to be a smaller company, if it meant that Google was so because it stood up to these things.

Re:We helped you, and now you shun us? (1)

cold fjord (826450) | about 8 months ago | (#45445825)

Companies that don't comply with court orders tend to face severe consequences.

Re:We helped you, and now you shun us? (1)

crimson tsunami (3395179) | about 8 months ago | (#45446911)

Unless they are big companies, then they just get the laws, adjusted.

It's a start. (1)

SuricouRaven (1897204) | about 8 months ago | (#45445317)

But there's a long way to go yet.

Re:It's a start. (1)

rmdingler (1955220) | about 8 months ago | (#45446115)

"I am not a perfect man and I will not be a perfect president." "I will wake up every day and work as hard as I can." "Refudiate, misunderestimate, wee-wee'd up..." "There's a long way to go yet." See what you did there?

An yet... (1)

no-body (127863) | about 8 months ago | (#45445329)

Just another veil of secrecy, big company internals - The NSA++ sub-state in a state supposedly in cahoots with big companies - or the other way around..

No one on the outside is getting the real story.
The defense against anything is common: First total denial, then admit something and at the same time issue counter-info. What was it? Ah, it defends against terrorism, how many actual cases - 57 as one number came out. The number is not getting into many people's brains, the terrorism-defense does, world OK again...

Anything really changing, with this paid puppet-government?

No longer willing (3, Insightful)

gmuslera (3436) | about 8 months ago | (#45445373)

Too bad secret laws exist to force you, even if you don't want, and to not say that you are doing it. And a lot could want anyway, as could be incentives to make it desirable (like obtained secrets of competitors, "friendly" judges and so on). In any case, American companies can't be trusted, and big enough from other countries on line with this (UK, Australia, Sweden, Israel, maybe whoever signs the TPP, etc) probably should be avoided too.

Re:No longer willing (1)

swillden (191260) | about 8 months ago | (#45446773)

Too bad secret laws exist to force you, even if you don't want, and to not say that you are doing it.

I don't think there's any evidence that companies can be forced to lie. They can be forced to keep quiet.

Too little too late (4, Insightful)

JoeyRox (2711699) | about 8 months ago | (#45445407)

The genie is out of the bottle. Users, particularly non-USA users, will never again trust American internet service providers. I expect far-reaching ramifications, the extent of which wont be fully known for a couple years.

Re:Too little too late (0)

Anonymous Coward | about 8 months ago | (#45445673)

And they think non-USA providers are any better??? Probably just not used to US transparency expectations. Don't trust anyone!

Re:Too little too late (1)

jhol13 (1087781) | about 8 months ago | (#45446995)

Yes. The provider in my country is better, even if some of our government agency would start spying. The changes of the information be used against me - industrial espionage - is much smaller.

Re:Too little too late (1)

0123456 (636235) | about 8 months ago | (#45445689)

I expect far-reaching ramifications, the extent of which wont be fully known for a couple years.

More like a decade, I'd say. A lot of companies will be moving off US 'cloud' servers, but they won't be able to dump Windows and US computer hardware that fast.

Re:Too little too late (0)

Anonymous Coward | about 8 months ago | (#45446131)

You mean Chinese computer hardware.

Re:Too little too late (2)

flyingfsck (986395) | about 8 months ago | (#45447015)

...and others will simply add yet another layer of encryption on top of whatever the cloud provider is already supposed to have. Any home/SB user can install Truecrypt and use that to encrypt all his Google and Dropbox storage. Yes, things will then be a little less convenient, but he will also sleep better, knowing that it will be more difficult for a three letter agency to frame him with something. As things are now, any three letter agency can upload child porn to anyone's online accounts and then alert another three letter agency about it for prosecution. Truecrypt will make that rather more difficult to pull off successfully.

Re:Too little too late (0)

Anonymous Coward | about 8 months ago | (#45446081)

Other providers have their own NSA-equivilents to deal with. After watching the systematic destruction of the US's solar industry by China, would one think they are any better? The FSB are not angels either. Neither is the ISI.

It will end up with people having to pick which intel agency has the master keys to their data and going that route.

Re:Too little too late (1)

Zontar The Mindless (9002) | about 8 months ago | (#45447123)

After watching the systematic destruction of the US's solar industry by China...

Uh, what? Looks to me like entrenched US corporate interests are doing a pretty good job of that on their own. No outside assistance required.

Re:Too little too late (0)

Anonymous Coward | about 8 months ago | (#45446919)

Users, particularly non-USA users, will never again trust American internet service providers.

I doubt it.

People continue to buy android & apple phones & tablets in droves, even though it was well documented that both apple & google hand over all their data to the US govt.

Mass surveillance is their business model. (4, Insightful)

Anonymous Coward | about 8 months ago | (#45445413)

Mass surveillance and data collection is the business model at companies like Google and Yahoo. If their frustrations are genuine it is only that they are angry that their data is being taken without being properly paid for it.

Re:Mass surveillance is their business model. (1)

cffrost (885375) | about 8 months ago | (#45446981)

Mass surveillance and data collection is the business model at companies like Google and Yahoo. If their frustrations are genuine it is only that they are angry that their data is being taken without being properly paid for it.

That's right; this discussion's headline probably should have read, "How Corporations Can Retain, Increase Profits Following Surveillance Revelations." Likewise, the summary's author spoke of "anger and resentment of the large tech companies" — perhaps within those companies (due to inadequate payment, as you mentioned) — the only emotional attribute of a corporation is insatiable greed, and like any other sociopathic entity, it will feign and project the illusion of whatever human attribute is determined most likely to maximize profits. Here, surveillance/advertizing corporations feign anger, empathy, and solidarity over the sanctity of peoples' private/personal information, in order to persuade people to continue to freely hand over that information, to the tune of billions of dollars per year. If an individual behaved this way, I think that person would likely be called a hypocrite or con artist.

Dear Google, (2, Insightful)

Mister Liberty (769145) | about 8 months ago | (#45445415)

"If it looks like a duck, ..."
"You probably know that one.

"Please tell me, what is all this drive towards one account, no anonymity, all this cloud
and data storage about?
"You have been convicted of privacy transgressions before, althougn admiitedly minor
compared to the Nefarious Scumbag Assholes".
"Please, Miss Google, get some clue that 'appearances are against you', as they say"
"Why is it that I, a prolific and avid googler, have never seen on your sites, never once
among the many times I pass by on a single day, any statement to the effect that you
despise the NSA, that you will not commit my data to them, that ...",
"well, you know what I mean (actually I suspect you know I'm mean)"

"Dear Google, are you with me or against me".
"Whatever happened to 'Do no evil'. Was that just a hollow PR ploy? An imperative
to the 'other players' and something to pat yourself on the back with now and then?"

"In fact Google --since you started it (the mentioning)-- how do you define evil?"
"it would be nice to get you enlightened insights, preferably with a name under it".
"Nothing personal -- just accountability, you know"
"Thank you".

Re:Dear Google, (0)

Anonymous Coward | about 8 months ago | (#45445605)

PS. I love the quote mark. It makes me happy.

maybe it's just spin (2)

cas2000 (148703) | about 8 months ago | (#45445429)

or maybe their protests and hand-wringing and emphatically blogged thoughts are just business as usual - corporations routinely pay spin doctors to advise them on what to do and how to manipulate opinion whenever they get caught doing stuff they're not supposed to.

to their way of thinking reality is nothing, perception is everything.

Even Kubuntuforums has gone https (3, Interesting)

Teun (17872) | about 8 months ago | (#45445485)

Not only the big boys beef up their security, even Kubuntuforums.org has today enabled https access.

Encrypting by the big players is significant, the data streams between their centers effectively mirrors all they have, from the POV of the government sanctioned goons it is about as good as you're going to get without the need to physically enter the server rooms.

A small forum is obviously not using a secure connection to hide their data but instead it's meant to secure the login process.
Yet it shows not only the big enterprises are able to improve security and especially the privacy of their users

Re:Even Kubuntuforums has gone https (0)

Mister Liberty (769145) | about 8 months ago | (#45445511)

I like your sig.
Furthermore I suspect we're not too far apart.

Re:Even Kubuntuforums has gone https (2)

Teun (17872) | about 8 months ago | (#45445611)

The signature is mainly about commercial entities gathering data on us and then marketing it.

I don't like what the NSA's of this world are doing, specifically on the scale it seems to happen, the apparent brassiness of it and the lack of political oversight.

Because of the near total lack of US legislation on the the subject I'm more mad and worried about the hidden marketing of my privacy by the commercial aggregators.
What is not mentioned is often at least as dangerous as what is in the open, possibly more so...

Re:Even Kubuntuforums has gone https (1)

rmdingler (1955220) | about 8 months ago | (#45445869)

Because of the near total lack of US legislation on the the subject I'm more mad and worried about the hidden marketing of my privacy by the commercial aggregators.

Regarding these Interwebs: think of how stupid the average Congressman is, and realize half of them are stupider than that. The average Congresscritter is about 59 years of age and favors belief in religious dogma over science. Don't confuse the proficiency with which the NSA et al peruse your privacy online with the legislative branch's collective ignorance of it. In another decade or two of turnover, our lawmakers will be better suited to legislate this 'newfangled' innovation.

what a load of bollocks (0)

Anonymous Coward | about 8 months ago | (#45445535)

The moment the government threatens their bottom line profits it will be well we didn't want to comply but they got a court order.
That is the only reason they want to be able to publish the 'meta' data on how many requests they get. It allows them to shift the blame

Appearances (4, Insightful)

Tony Isaac (1301187) | about 8 months ago | (#45445547)

The big tech companies want to appear to be unwilling to cooperate with spying. But what's to keep them from secretly cooperating all the same?

Re:Appearances (2)

rmdingler (1955220) | about 8 months ago | (#45445897)

The big tech companies want to appear to be unwilling to cooperate with spying. But what's to keep them from secretly cooperating all the same?

You. With fervent outrage, you vote with your wallet when you decide not to do business with a corporate lackey of the governmental spy agencies. Unlike the sovereign governments of the World, Google and Amazon cannot have your money without your permission.

Re:Appearances (1)

Entropius (188861) | about 8 months ago | (#45446537)

It's only because of a one-off event that people know who's been helping out the NSA. Can you count on future such events to tell you who should be trusted?

Re:Appearances (0)

Anonymous Coward | about 8 months ago | (#45447285)

I have personally been calling them "GOONSA" or "NSAmail", long before Snowden. And that was based on extrapolating what they did in the 1930s (reading ALL telegrams of the wire companies). Read Bamford's Puzzle Palace. Apply some historical-habit-conservation-meta-thinking.

Re:Appearances (1)

swillden (191260) | about 8 months ago | (#45446775)

The big tech companies want to appear to be unwilling to cooperate with spying. But what's to keep them from secretly cooperating all the same?

For one, the employees.

Re:Appearances (1)

Tony Isaac (1301187) | about 8 months ago | (#45446817)

You mean, the employees that have been working there already, who have been cooperating with the spy agencies? I feel better already!

Re:Appearances (2)

swillden (191260) | about 8 months ago | (#45446853)

You mean, the employees that have been working there already, who have been cooperating with the spy agencies? I feel better already!

They haven't been cooperating. Google has denied all cooperation, and none of Snowden's revelations have provided any evidence of cooperation.

Fore! (2)

Impy the Impiuos Imp (442658) | about 8 months ago | (#45445583)

Distrusted cloud services get abandoned, which costs them money, which costs their stock prices, which costs millions of middle Americans stock price, which drives a stake of fear into the hearts of Congress.

Let the money issue work *for* you.

Re:Fore! (1)

Mister Liberty (769145) | about 8 months ago | (#45445623)

I'd mod you up.
But in my case, it would have been invalid, since out of /agreement/ to your view,
as discernable from your post.
(However, since that view is an ironic comment to the current state of affairs, I
personally would want to claim a small dissent with the expression of the fact that
'it doesn't have to be that way' (i.e. it's not a law of nature), with my mind going to
what Noam Chomsky [now there's a personification of hope!] always says).

Microsoft helping NSA to hack your Windows (4, Informative)

Anonymous Coward | about 8 months ago | (#45445713)

Microsoft helping NSA to hack your Windows [techrights.org]

According to a new report from the corporate press (as corporate as it can get, being Bloomberg), Microsoft tells NSA staff about universal unpatched holes before they are being addressed:

        Microsoft Corp. (MSFT), the worldâ(TM)s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

        Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesnâ(TM)t ask and canâ(TM)t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

        Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government âoean early startâ on risk assessment and mitigation.

Glyn Moody asked, âoewhy would anyone ever trust Microsoft againâ¦?â

Frank Shaw is not a technical man. His job is to lie, e.g. about sales of Vista 8 (quite famously and most recently). He came from Waggener Edstrom, a lying and AstroTurfing company. The above should be read as follows: when new holes exist which permit remote hijacking the unaccountable, cracking-happy NSA is being notified. What can possibly go wrong now that we have proof that the NSA is cracking PCs abroad with impunity?

Some of the back and forth is innocuous, such as Microsoft revealing ahead of time the nature of its exposed bugs (ostensibly providing the government with a back door into any system using a Microsoft OS, but since itâ(TM)s donâ(TM)t ask, dontâ(TM) tell, nobody really knows). However the bulk of the interaction is steeped in secrecy: âoeMost of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.â(TM)s major spy agencies, the people familiar with those programs said.â

Re:Microsoft helping NSA to hack your Windows (1)

rmdingler (1955220) | about 8 months ago | (#45445967)

+1 Smart

Re:Microsoft helping NSA to hack your Windows (0)

Anonymous Coward | about 8 months ago | (#45445981)

I think Microsoft already provides the NSA with a backdoor into Windows. As far as early exposure to yet undisclosed vulnerabilities goes, in the IT world this is standard practice for important software customers. It's nothing special that this would apply to Microsoft and the NSA.

Re:Microsoft helping NSA to hack your Windows (1)

anubi (640541) | about 8 months ago | (#45447205)

I can't help but wonder how many of these "security updates" are little more than replacement backdoors to replace the ones that have been discovered.

Fuck these guys? (1)

PPH (736903) | about 8 months ago | (#45445717)

Which guys does he speak of? In the recently published article [washingtonpost.com] , the subject diagram isn't clear on exactly what is going on. My reading of this is that the "SSL Added and removed here!" note with smiley face is pointing directly at the GFE (Google Front End) server, meaning that this activity is occurring on this server (group). Now, in my limited time as a sysadmin, I have yet to see how any outside party can gain ongoing access for such processes without the complicity of the admin. So, perhaps these Google engineers should be looking inwards for someone worthy of their F-bombs.

Actually, the drawing alone doesn't say much. It could simply be a drawing of Google's SSL architecture as it relates to its internal cloud structure. It doesn't say who is adding/removing SSL. The implication made by the Google staff reaction is that this is something nefarious. Could be. Could also be that they don't know how a public SSL gateway on a private Intranet is configured.

What's worse? Foreign agents within the NSA. (0)

Anonymous Coward | about 8 months ago | (#45445723)

The NSA compromises our infrastructure, and adversaries get access to exactly the kind of intel we don't won't them to have.

And.. If Snowden was there, they are (or were) too.

Re:What's worse? Foreign agents within the NSA. (1)

rmdingler (1955220) | about 8 months ago | (#45446011)

Sure. But. Forget not though, along with the thankless job of being the World's preeminent economic and military power come a few bennys: My guess is the US budget for whatever the black ops require dwarfs 'theirs' by an OOM. American assets are there too, where %there=everywhere% .

They are willing to pay $0.00 in taxes.. (0)

Anonymous Coward | about 8 months ago | (#45445803)

When the government lets you keep BILLIONS in profit by allowing you to offshore your revenue through several shelter companies, you got to expect they want something in return. Surprise! We hear YOU!

Deny them business a while longer (1)

gweihir (88907) | about 8 months ago | (#45446013)

They seem to have caught on, but not the lesson needs to be made memorable.

You can skip that one (2)

manu0601 (2221348) | about 8 months ago | (#45446085)

TFA just says tech giants do not want to cooperate with NSA. No real news here. Save your time, skip that one.

Re:You can skip that one (0)

Anonymous Coward | about 8 months ago | (#45447267)

No, it's DISINFORMATION. Sure as hell these banksters and corporate thieves want to cooperate. They fear us, the people and think NSA will control us for them.

Companies being evil for evil's sake (0)

Anonymous Coward | about 8 months ago | (#45447055)

I understand why Google or Yahoo would be upset. They obeyed the law, complied with the NSA, and got screwed by them anyway.

My argument is with the phone companies, Verizon and AT&T, who went way beyond what they were legally required to do in terms of providing information to the NSA. I wonder what goodies they received from that relationship: better relationships with the FCC? Special access to spectrum auctions? More allowances from the government on how they could pursue union negotiations?

While Google could easily be cast as a good company forced into a tight spot, it seems Verizon et al are intent on slowing innovation, making the internet slower and more expensive, subjugating their workforce, and illegally spying on their customers.

xkcd (1)

shentino (1139071) | about 8 months ago | (#45447089)

Is there a remedy to surveillance that can stand up to that 5 dollar wrench called being detained indefinitely as a terrorist?

Can You Say: SMOKE AND MIRROR ? (0)

Anonymous Coward | about 8 months ago | (#45447261)

Of course the relevant people at Google, Yahoo and M$FT (up to and including Brin, Page, Meyer. Schmidt) knew that transmitting customer data in the clear was making customer data extremely vulnerable. Encryption would have cost thumb change, relative to the billions of profits they rake in.

But you know what ? That was the confidential "gentlemen's agreement" with the government. Read what Mr Schmidt said and wrote. These guys want to be part of World Government. Their entry token into this circle is information. YOUR INFORMATION.

All these large corporations are in bed with government and NY finance.

What can YOU do ? Run your own little server 365/24 in your basement. Use a Raspberry PI for that. Encrypt everything, Avoid Google, Facebook, Yahoo, Hotmail like the plague. Most of the software is already there. You just need to set it up on the RPI. Then make it accessible via a Dynamic DNS service (there is more than DynDNS).

Freedom is work, Convenience is Slavery !

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...