"In order for these services to become the main foundation of the Post-PC future, users are utterly justified in demanding binding commitments to security from service providers."
Which, due to the total secrecy of the government's process (e.g. National Security Letters), they cannot provide.
We could, of course, watch every word we put on the cloud, including the supposedly private stuff, but I'd rather not do that for a large class of things (submissions to forums like this are an obvious exception; I am, after all, submitting it for the whole world to see as it wishes).
The cloud can still be useful for encrypted backup, that's what I do with rsync.net to avoid loss by disaster, and it saved e.g. my email when the Joplin, Mo tornado hit 2 years ago. But put my spreadsheets on the cloud? The one tracking the blood test results of a relative's anemia (fortunately, it looks like it was a "hit and run" virus). No, I think not.
Just out of curiosity, what is it about your relative's blood test that you don't want the NSA to know about? Especially since the results are already on a network at the hospital (or testing lab), and the NSA can get it directly from there anyway via an NSL.
I've often wondered about why medical records are such a sensitive topic to most people. The only things I can think of is either the insurance company will find out and raise your rates (they find out anyway, as they pay your bills), or the condition one suffers is due to something they did that was embarrassing (or similar).
> Just out of curiosity, what is it about your relative's blood test that you don't want the NSA to know about?
This is the wrong question. The right question is, "what is it about your relative's blood test that you don't want the NSA, or anybody else in the government, or any contractor or lobbyist the government is persuaded to share this data with, now or at any point in the future, essentially in perpetuity, to know about?"
And the answer is, of course, "I don't know".
I don't know if Obamacare will die an ugly death and insurance companies will successfully lobby for absolutely anything establishing genetic prior conditions.
I don't know if, in 50 years, the government will decide to, say, demonize Jews and go hunting for Ashkenazi DNA indicators in their databases and go after the families they can find with them.
I don't know if a genetic predisposition to homosexuality, haemophilia, a positive test for AIDS or herpes, or ginger hair will one day be used against me or my descendants by some future mob.
I agree with the point you are making. In the spirit of agreement, I would suggest that the right question is "what is it about your relative's blood test that you specifically want to bring to the attention of the NSA, government, contractors, and lobbyists."
Privacy should be the default state and expectation, and disclosure should be by exception when necessary, for exactly the reasons outlined in your post. The argument that privacy only matters if you have something to hide conceals a number of assumptions, and misses the fact that one doesn't know what one might one day wish one had hidden.
> or any contractor or lobbyist the government is persuaded to share this data with
Or anyone the government is "persuaded" where persuaded may well include security breaches by hostile parties of indeterminate origin... Actually the hell with it, just put it this way, insecure by law is still insecure. Effectively PRISM and its ilk implies that insecure by law is in fact insecure, completely.
I can answer that. I used to wonder the same thing, but medical records are a particularly powerful type of information. Data in your medical record is often associated with major life events (serious illness, risk of illness). Often a medical examination can reveal if you participate in certain sexual acts (tearing in the vagina or anus), whether you are at higher risk for cancer, whether you have an illness or disability that would cause others to treat you differently, or would cause employers to sideline you. A medical examination can sometimes identify where you have traveled, even if it's a secret (why do you have antibodies for yellow fever or TB?).
Genetic data can be (and has been) taken from the medical records of relatives of serial killers without their knowledge (with a warrant) in order to get a confirmation that their relative might be a match to semen samples found at crime scenes. This has in at least one case resulted in a warrant being issued and a case being solved in California. http://abcnews.go.com/Nightline/familys-dna-led-police-grim-...
With genetic tests, you can also uncover family secrets that can turn said family completely dysfunctional (non-biological mother/father, incest, parents are unwittingly cousins).
Additionally, you need not tell your insurer everything. New rules under the HITECH act are coming into effect that mean that so long as you pay cash at the doctor, you can request that the details of the visit not be forwarded to the insurer.
That's just a "for instance"; medical records are in theory better protected than most types of data, and I was pointing out a way it might be Hoovered up vs. of course it being specifically accessible through something such as an NSL.
A lot of this has to do with how this data can be abused, e.g. for political purposes; in this case, it's almost certainly nothing to worry about, but there are many cases where there are damn good reasons for privacy.
Yeah, except that's not what Eric meant. He phrased an answer poorly and sensationalist journalists took his answer out of context. What he REALLY said (in context) was "If you have something that you don't want anyone to know, maybe you shouldn't be treating Google like your trusted friend by telling it to them"
Full context:
Q: People are treating Google like their most trusted friend. Should they be?
A: "I think judgement matters… If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."
Right. My re-interpretation of the quote is correct then. Google shouldn't be trusted with your most private information because it may have to share it with the government. Words of warning from Eric Schmidt - don't treat us like a trusted friend.
You'd be surprised at the level of intimate details discussed by street hustlers on prepaid mobile phones. I'm not sure if prepaid throwaway ipv6 addresses would be viable, but it may not hurt to start thinking in this direction.
When I get a bright idea that will make me a lot of money and bring me fame, I'm sure I'll figure out a way to keep it secret when I communicate it to a few trusted advisors.
I always figured the better solution would be to have a cloud-in-your-pocket. You can carry your own data with you and sync backups to a site you personally control.
Phones certainly have the capability to do the job of a personal server (of course you may not want it to be an actual phone considering the latest snooping news). A mechanism to use any nearby desktop or laptop as a client would enable most of what you need without any requirement for an untrusted remote storage provider.
Certainly complementing. By definition communication requires more than one person accessing information.
I know what I'd like to see in this area, but I don't have a good idea how to implement it. FreedomBox might be heading towards that implementation.
The idea I'm kicking around in my head for comms is something where I'd want a distributed data store (possibly just a file system) with access controls to enable requests such as "UserA acting on behalf of UserB would like to read data at /path/to/data", where UserA might be Twitter and UserB might be StephenFry. UserB can control what UserA can see and manipulate. UserA can do things that UserB cannot (such as acting on behalf of UserC).
Yup good idea, I agree, only I'd break the synced data up into segments and spread the encrypted segments around 2 to 3 cloud providers. Wow, sometimes my brain amazes me and yours too in this case. Buy Product X - it's PRISM proof. :)
My (pessimistic) prediction is that nothing will change because of this, at least not in the US.
In the consumer space, there's little that this awareness will do to illustrate the risk to those who didn't see it before. It's only when abuse of a program like PRISM comes to light in a big way will the average consumer demand change or change their habits.
In the corporate space, most already are very wary of putting trade secrets or confidential data into cloud services and those who aren't won't be any more so, I would argue, until they see real impact from improper use/disclosure.
Outside of the US? I would hope there'd be more outrage and want for non-US options, but, in truth, most other governments want to be doing the same thing, I'd bet, so just where is the safe harbor is a question many will be asking, I'd bet.
It is unlikely too many people want their privacy curtailed in exchange for convenience.
You'd be surprised just how many people do exactly that, and I don't mean the average citizen either. I wonder how many of us on HN have turned on Google Now?
He's talking about the consumer buzzword 'cloud', as in iCloud, eCloud, store your pics in the "cloud", not the IT buzzword "cloud computing", with things like virtualization, EC2, AWS, S3. Thanks for that, marketing assholes.
But I want to know. What's the difference now, in light of all the spying, between storing your stuff encrypted on S3, or using EC2, and colocating hardware somewhere? Are we worried about back doors into the virtual machines and S3 buckets, or are they just going to watch the traffic in and out, just like they can do anyway if you colocated, or even put all the crap in your basement?
I'm in the business / IT end of things, as well as the consumer side.
Businesses. And non-profits (many with services/clients in ... less than democratic regions, not even counting the United States). And governments. All care about integrity, access, and, more than anything else: security.
With colocated hardware, you've got control over the physical devices, there's no intermediating virtualization layer (unless you've installed it yourself), and you can control aspects such as data and disk encryption (though in truth: this is fraught even on hardware you _do_ own, and is also possible in many hosted environments). You also control the physical wiring and cabling within your cabinet, cage, and/or datacenter.
Most importantly: you control _where_ your data are. When I use a colo, my data live on specific pieces of hardware in specific locations I've specifically designated. And if it's seized, you'll likely know about it (you may not be happy, but you'll know). When you host in the cloud, access becomes ... distributed.
Both have their security issues, but the envelope is much larger in the cloud.
Yes he is. He's an apple blogger. He doesn't know virtualization from his own ass.
I once interviewed with a company that was letting users store data 'in the cloud'. They were promoting the job as something to do with 'cloud computing'. I asked if they used AWS. He replied they had a few colocated servers.
I'm asking, from a spy point of view, if there's a difference between a virtualized server and a physical one, if in fact all they are doing is watching network traffic.
The wider audience being the people who make the purchasing decisions...
I work in the financial sector in Europe and this HAS pretty much killed the cloud simply due to the uncertainty. People are in meetings right now working out how to move all their stuff off AWS etc rapidly before the people who pay the bills land it on the doorstep.
In fact it's killed datacenters that are US subsidiaries such as Rackspace as well. I had a conversation with a guy at Rackspace this morning and they actually recommended going to a local company over themselves.
>People are in meetings right now working out how to move all their stuff
I'm wondering why they didn't consider this scenario in the first place. That lets me question their expertise very much. Aren't they professionally paranoid enough? Then why do they run critical infrastructure?
They were informed. After all it's our job to inform them of the facts and let them make a decision, usually based on a tradeoff of risk perception (note not real risk rating) and cost.
Now risk is perceived to be higher, cost is a little more flexible.
Businesses don't necessarily operate in the best interests of their clients. The shareholders come first, then the clients and anything which takes from the bottom line is going to end up a risk tradeoff.
I post anonymously as I'm risk averse and don't necessarily agree with how businesses operate in this respect.
We were proposing moving our S3 stuff over to their OpenStack stuff for inevitable security reasons (we hold sensitive contract and financial data). We were told that they could make no guarantees directly so we'd be better off going with a "locally registered company".
If you call a non US subsidiary and ask them directly about their data handling policy with respect to the US, then you'll get the same answer. With FISA, they are required not to tell you as well.
I often jokingly tell a specific friend that I'll murder him (he says the same to me)... it wouldn't be clear if you read the e-mail correspondences that we're joking. It would be clear if you saw us in real life joking, laughing... but you don't have that context, you don't know the history of my relationship with him, we're both practitioners of an absurdist brand of humour (think adultswim's Tim&Eric humour). Compound all of this with the fact that I'm brown (Asian descendant) and that a running brand of jokes is about terrorism ('yeah so we have AQ training camps in our basement') -- and, I'm sure we're setting off a good amount of triggers.
Here is what is unnerving to me: considering the high-capacity storage capabilities of these three-letter agencies, it's highly likely that a lot of our data has already been copied... it's little use disabling our fb/goog accounts, it's little use deleting everything en masse now.
Anyway, my takeaway from all of this is that 1) I have to stop making these jokes, even in private conversations, and 2) communicate more clearly in my e-mails, so that if it's being read by someone with no context, it does not invoke any suspicion of wrongdoing of any sort. I am extremely annoyed that I have to start doing this, but I will.
Quote: "A citizenry that’s constantly on guard for secret, unaccountable surveillance is one that’s constantly being remade along the lines the state would prefer. Foucault illustrated this point by reference to a hypothetical prison called the Panopticon. Designed by utilitarian philosopher Jeremy Bentham, the Panopticon is a prison where all cells can be seen from a central tower shielded such that the guards can see out but the prisoners can’t see in. The prisoners in the Panopticon could thus never know whether they were being surveilled, meaning that they have to, if they want to avoid running the risk of severe punishment, assume that they were being watched at all times. Thus, the Panopticon functioned as an effective tool of social control even when it wasn’t being staffed by a single guard."
>> The prisoners in the Panopticon could thus never know whether they were being surveilled, meaning that they have to, if they want to avoid running the risk of severe punishment, assume that they were being watched at all times.
That's what it feels like to me working in open cube areas.
lol. For _years_, a friend and I who do the exact same thing (but escalate it to full ridiculousness), end with a proviso along the lines of "to anyone reading this, the above is in jest and in no way represents real intentions." We mostly put that in jest. Now the proviso seems less jestful.
The crypto on your online backup and password syncing services should be both strong and entirely client-side. All they should be able to provide to an attacker is useless cyphertext. If not, you probably shouldn't have been using said services in the first place.
Why? If you have trouble with your password, just ask the NSA. They should just open a tech support hotline. Also, can a person get his full Facebook profile from them, since they removed archiving?
I agree that this double speak from US cloud tech companies and the government is putting US cloud vendors into peril. But seriously, the US cloud might be like the dollar. It's not perfect, but it is a known refuge.
There is at least some amount of oversight, however weak, if you have US customers - I would assume that all foreign rivals are actual targets.
Who said it's better to be an American ashamed of our foreign policy than to be a victim of it?
Your government doesn't have to be any more trustworthy in general than the US'. From the legal side, say your government has basically the same legal regime as the US: local citizens'/residents' data on the local cloud have some legal and/or constitutional protection from the local government, but non-resident aliens on the local cloud have none. If you leave your data on the local cloud it has some legal protection, while if you put it on the US cloud it has none. (Really, none as soon as the US government decides to go after you specifically. (IANAL.) It seems the US doesn't even have to state a pretext of "counter-terrorism", "national security" or anything else to take your data under FISA 702. http://www.govtrack.us/congress/bills/110/hr6304/text )
Now, in many countries even local citizens in the local cloud have no legal protection from the state, or legal protections notionally exist but don't really impede the security services at all. (By all accounts the PRC is one of these.) But this is where motivation comes into it. Many people outside the US have good reason to fear their own government more than the US'. In that case you could be better off trusting your data to the US cloud, even if it means you're trading away some real legal protections in exchange for getting your data out of the hands of a local government which is motivated to work around those protections to get at you. If your data also has no real legal protection locally then it's an easier choice. The problem is that some people - for example, non-US companies with interesting commercial data and US competitors - may in fact have more reason to fear the US government than their own.
I can't stop the local government from looking at my data if it wants to. I can stop the US government from looking at it. Which is more trustworthy isn't a relevant question.
> I can't stop the local government from looking at my data if it wants to. I can stop the US government from looking at it.
I doubt that.
US government intelligence gathering within the US is being reported on right now and is controversial because there are strong expectations and at least some legal restrictions that suggest that such surveillance is exceptional.
But if you think keeping your data overseas means that the foreign intelligence gathering apparatus of the US government isn't going to get at it, then you may have failed to think things through clearly.
Not sure if it's the beginning of the end. But of course, if you're a non-US corporation or government (or individual who wants to retain his or her privacy), then US-based cloud services are out. No Gmail, no iCloud, no Dropbox, no iOS or Android phones.
And of course, that's the wrong question anyway. You shouldn't trust anyone with access to your data, which is why strong cryptographic techniques are especially important for cloud-based activities.
A classic overreaction by a member of the press. However it may lead to certain SLA revisions: "If the NSA comes calling I will notify you before giving them access." Or people choosing to host outside the USA.
If you have an SLA like that, the service provider has to choose between violating the SLA by not telling the customer, or violating the warrant/court order which compels them to not inform you.