from the obsolete-voluntary-guidelines-solution dept.
Steve Durbin of the ISF was interviewed regarding the fallout after Snowden and the push by governments and organizations to try and wrestle some control of their communications away from the US.
"From a European point of view it fuelled political hysteria." He adds that regardless of one's opinion on the value of this type of surveillance there are political gains to be made from stirring up a reaction to Snowden's disclosures.
The idea of having an EU internet, Russian internet, US internet, etc doesn't sit well with Durbin because he feels it will hurt the functionality and that governments by themselves cannot actually get the job done.
"Government can't do it all", he warns when reflecting on proposed regulatory responses to privacy and surveillance issues. "By the time they get their act together, the world and technology has moved on significantly."
As a reminder in February the German government started discussing an EU internet:
Germany's Chancellor Angela Merkel "is proposing building up a European communications network to help improve data protection" and prevent European emails and other data passing through the United States where it can be, and has been, harvested by the NSA.
Related Stories
Google has been aggressively suppressing an internal memo that shared details of Dragonfly, a censored search engine for China that would also track users:
Google bosses have forced employees to delete a confidential memo circulating inside the company that revealed explosive details about a plan to launch a censored search engine in China, The Intercept has learned. The memo, authored by a Google engineer who was asked to work on the project, disclosed that the search system, codenamed Dragonfly, would require users to log in to perform searches, track their location — and share the resulting history with a Chinese partner who would have "unilateral access" to the data.
The memo was shared earlier this month among a group of Google employees who have been organizing internal protests over the censored search system, which has been designed to remove content that China's authoritarian Communist Party regime views as sensitive, such as information about democracy, human rights, and peaceful protest.
According to three sources familiar with the incident, Google leadership discovered the memo and were furious that secret details about the China censorship were being passed between employees who were not supposed to have any knowledge about it. Subsequently, Google human resources personnel emailed employees who were believed to have accessed or saved copies of the memo and ordered them to immediately delete it from their computers. Emails demanding deletion of the memo contained "pixel trackers" that notified human resource managers when their messages had been read, recipients determined.
[...] Google reportedly maintains an aggressive security and investigation team known as "stopleaks," which is dedicated to preventing unauthorized disclosures. The team is also said to monitor internal discussions. Internal security efforts at Google have ramped up this year as employees have raised ethical concerns around a range of new company projects. Following the revelation by Gizmodo and The Intercept that Google had quietly begun work on a contract with the military last year, known as Project Maven, to develop automated image recognition systems for drone warfare, the communications team moved swiftly to monitor employee activity. The "stopleaks" team, which coordinates with the internal Google communications department, even began monitoring an internal image board used to post messages based on internet memes, according to one former Google employee, for signs of employee sentiment around the Project Maven contract.
Eric Schmidt has predicted that there will be two distinct "Internets" within the decade, with one led by China:
(Score: 2, Insightful) by Anonymous Coward on Thursday June 12 2014, @01:57AM
I don't get what the big deal is with a "balkanized internet." "Balkanized Internet" just sounds like an ugly way of saying a bunch of separate networks that are interconnected which is the literal definition of the Internet. So what if each net has different policies? I mean bad policies will certainly suck for the people who have to live with them, but don't we already have that with things like the great-firewall of china?
(Score: 3, Insightful) by mth on Thursday June 12 2014, @02:13AM
I think a lot of the outrage at the NSA spying from EU politicians is for show. In the files Snowden leaked the GCHQ often appears, which is based inside the EU. And I don't know if other spy organizations are named less often because they spy less or because they aren't as close to the NSA and therefore Snowden had access to fewer documents about their programs.
If they are really concerned about the privacy of EU citizens, then let's review how agencies inside the EU spy: whether it is effective and proportionate to the threats. Also, I think it should be possible to discuss procedures without harming operations: there is no need to keep everything concerning spy agencies secret, just the content. And why is it that aggregate and anonymized data are considered to respect privacy when companies use them but are considered too revealing when the government has to report their numbers?
(Score: 1) by looorg on Thursday June 12 2014, @02:31AM
Ofcause it is for show, this is surveillance/security theater at its finest -- OMG THE NSA IS SPYING ON US! I WOULD HAVE NEVER THOUGHT ...
Every country in Europe has a spyagency of their own that is similar to the NSA or tries to be, albeit on a somewhat smaller scale. If you search the files Snowden leaked you can find the names of the corresponding euro agencies and their country of origin because they all cooperate with each other so this outrage is really just a silly act, trying to score political points on the homefront.
A balkanization of the Internet wouldn't that sort of defeat the entire purpose? Will there be like checkpoints? You are now leaving US-INTERNET, Welcome to MEXICO-NET ...
(Score: 2, Interesting) by pTamok on Thursday June 12 2014, @08:58AM
Of course every country has its own intelligence service. That is not the point. The point is the behaviour of that service.
The irritation is not that 'spy agencies' are doing their job, the irritation is that the private data of everyone is being compromised, and apparently by illegal means: there is no legal framework under which such mass surveillance is allowed. There is no democratic oversight. That really ought to worry you. The 'Five Eyes' agencies do co-operate, and it is common assumption, for example, that the British and American agencies do each other's dirty work for each other to get around domestic legal restrictions.
A balkanization of the Internet won't stop the efforts of intelligence services to gather information; but it may just prevent all our private data being served up on a plate to be pawed over, and optionally retained.
If you take the physical post, letters and parcels to any individual have always been able to be opened and read by the state, but there had to be good cause to do so, and the process was well documented, with legal constraints. Internet traffic is not handled in a commensurate manner - it is as if each and every letter an parcel to you (and every other individual) is being opened and read, and the contents (possibly) copied and stored indefinitely. It is a massive expansion of surveillance, and agencies are actively working to compromise any security/encryption people use.
Obviously, any method of communicating secrets can be used by people with bad intentions, so it is understandable why the idea that such a capability may exist, and be accessible to, for example, terrorists and tax dodgers, is toxic to security services. So, the debate is about individual rights and freedoms (to private conversations) balanced against the need to prevent giving the bad guys tools to enable their bad actions. That debate is not being had, even in the wake of Snowden. The question is, should you be able to communicate secrets such that not even your government (or a foreign government) can determine the content of your conversations? Is that a (human) right?
(Score: 1) by looorg on Thursday June 12 2014, @04:48PM
I'm of the opinion that there actually is democratic, or well government anyway, oversight. They are just not seeing anything wrong, the spy agencies are doing what the government want them to do. After all it has been about a year now since Snowden did his leak and blasted into the public eye. Have their been any change in how these spy agencies work? Not really, at least no change that is due to government changes, pressure or new instructions. If there is change it is because the agencies are refining their methods, not due to government pressure. From that I can only conclude that they are doing what their respective government wants them to do. Sure, there have been some hearings and a lot of condemnation and outrage, security/surveillance theater, but no actual change.
There is a framework, there are rules and laws but at the same time it's spying so you don't want to much of it and it usually also gets weird since most of it is targeted towards that you don't want other to spy on you but your own spying is not very limited in that regard. Our spies are fine, their spies are evil and should be dealt with.
The uproar is on a public level and the whole spying thing doesn't seem to be a very big factor when it comes to elections etc either where it tends to be the usual work, tax, jobs, healthcare issues that take center stage. I don't think anyone wants to be spied upon but in the grand scheme of things doing something about it is just way down on the list. Example; people want to talk with the friends on facebook and share all their information, they don't care or know that facebook keeps it all forever and that it might be publicly available to anyone with anykinda of technical knowhow. Is secret communication a human right? I don't think so. If you want to keep secrets don't talk about them in a non secure way (if that is actual face to face conversations, or social media or cell phone calls doesn't much matter). The problem seems more to be that people assumed their conversations was secret and secure only to find out that they where not. People, in general, just don't know how modern communication technology or computers work. Hence the outrage.
(Score: 1) by pTamok on Thursday June 12 2014, @05:14PM
I'm not sure there is effective government oversight when a US Congressional committee can be lied to, seemingly without comeback. Furthermore, because the intelligence services work is necessarily secret, the general public don't get to see what is being done in their name. If the elected representitives are lied to, and you are not allowed to know what is going on, then how is that effective oversight?
In addition, it is not just a lack of understanding of the way technology works, although there is a significant element of that. As we have found out, the intelligence services have been actively working to compromise encryption: not necessarily by recommending mathematically flawed algorithms, but by ensuring that the implementations are flawed (or backdoored). This affects everyone who uses such flawed implementations, and not just the bad guys.
Arguing that secrecy is not a right is fine, and a perfectly respectable position to take, although it may have some unwanted consequences. It's also worth considering if privacy is a right or not; and if there is a right to anonymity e.g if publishing anonymous pamphlets. They are all related issues.
(Score: 1) by looorg on Thursday June 12 2014, @06:06PM
I guess it all depends on what you count as effective government oversight then. I can't even mention or think of all the different parts of the government with all the departments and agencies and god knows what else there is. I know even less what they all do. So I assume in the end it boils down to trust, I trust that they all know what they are doing and that things are done in a proper manner. But for all I know they could also all be lying their tits of at every turn and chance they get and we'll never, or rarely, find out about that either. The general public has next to no insight in what they all do either and in which manner they do it, some have to do with rules and laws and secrecy and some of that has to do with a lack of knowledge. I don't see why the intelligence agencies should be singled out as being somehow extra nefarious and/or devious. I believe that many private corporations knows more about you, or most people, then the the various spy agencies do. Why is it wrong when the NSA know stuff about you but it is somehow fine with VISA, Google, Facebook, your isp, your phone company, your bank, your insurance company or the store where you bought your food and just swiped your membership card know about you? Are private corporations better then the government in that regard? I'm more afraid of them and their massive datacollections then I am of the NSA (or any other such agency) spying on me.
It then all boils down to trust, I guess you have it or you don't. Do I trust the NSA? Sure. Do I belive that they also lie, cheat and backstab at every corner they can? You bet, it's the nature of the beast of spying. I assume they do what they do for the greater good and benefit of us all (compared to say private companies that do it all for themselves) and if that means that they know or have petabytes of, largely worthless, info on everyone and everything they can get their grubby little hands on I'm cool with that to. What would the alternative be? No spy agencies? Spy agencies that have to reveal everything they do or know to everyone that asks? The first would be living in total darkness and ignorance, the second would be impossible. I don't blame them if they don't want to, or can, tell all to congress. After all the people in political office can be gone next election and take all their secrets with them out the door.
You can't really blame them for doing their job tho can you? If mine, or yours, job was to spy of cause I would want them, the manufacturers, to implement weak algorithms and backdoors into their products so that I can could do my job. Not to easy tho cause I don't want others, such as competing or foreign spy agencies, to use the same methods as I do. It's horrible for sure but it's the way things work and I don't really see an alternative to it since technology or the use and abuse of it just can't be put back in the bag. Since our spy agencies work from a different set of rules and laws doing what they do is apparently not illegal, more to the point there probably isn't a law for what they are doing at all which in terms of the law makes what they do legal. Sure you could find laws for breaking an entrance or wiretapping and apply it but those laws are not written for or with them in mind so they might not apply.
Yes there are related issues such as the right to privacy. You have that. But how far does it extend? If you don't take precautions to protect your privacy then whatever you let out there is really up for grabs as far as I am concerned.
(Score: 1) by pTamok on Thursday June 12 2014, @08:08PM
Well, to quote President Reagan, "Trust, but verify". Other state organisations have public budgets, and information can be obtained from them (if necessary) by Freedom of Information requests if it is not already available in some form. You may operate by trust, but you don't have to: there are mechanisms for the public to find out what is going on. This is not the case with the intelligence agencies. And we know that lying is part of their modus operandi.
As for commercial organisations, in theory, you are making a free choice to share information with them, and they operate under data protection laws, which, in the case of the medical industry, are quite draconian.
Blaming intelligence organisations for doing their job is not what is happening: the information released by Snowden shows they are going significantly beyond what people regard as reasonable. Subverting encryption makes everybody less secure and imposes serious economic cost. Cisco have testified to a drop in their sales as a result of recent history, and it is hard to see how anyone can trust an American company in future, when their business can be subverted, in enforced secrecy, by the NSA. One of the points of living in a free country is that you really should be free from malign government influence. Apparently in the USA (and at least the other Five Eyes countries) you are not. Saying that China, or Russia, or Israel, or Sweden are doing it, so we should is not a valid argument.
On taking precautions to protect your privacy there are a couple of issues. Not everybody is sufficiently technically aware, or capable, of assuring privacy of their own data. One of the benefits of living in a well governed society is that the government takes on the burdens that private individuals are unable to take on alone: such as defence of the state, construction of infrastructure, policing the administration of the law etc. One such burden is privacy of your personal information, which is why there are laws against disclosure, and it is reasonable to expect a government to aid individuals to maintain private those things that should be private. Compromised encryption defeats that.
(Thanks for the extended postings - I have to break off here, as, unfortunately, I have work to do.)
(Score: 1) by meisterister on Thursday June 12 2014, @03:56PM
I'm sure that if you left the naming of the internet of the United States to the government, they'd come up with some godawful backronym.
"You are now leaving the US AMERICAN PATRIOT FREEDOM LIBERTY EAGLE DEMOCRACY NETWORK"
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 4, Insightful) by edIII on Thursday June 12 2014, @03:18AM
This has nothing to do at all with spying. It's like how Vietnam was about drug smuggling, and not a fight against Communism.
EU governments want control over the Internet, and the juicy spoils that go with it. GoDaddy gets rich off pure Grade A Bullshit. The DNS system has been hijacked, and of course they want more TLDs. How else can the market expand? You don't think some elites in the EU haven't figured out how lucrative this stuff can be?
From a tactical point of view related to spying, EU governments have everything they need already. Hell, their story is so fucking rich right now, as they are completely ignoring the math of the Five Eyes. One eye is the US.... and where are the four other ones? Uh huh. Well unless they modified the EU to mean Not-UK, their biggest problem is in their own backyard.
China operates just fine without control over the Internet. Great Firewall does work. They can block Youtube, Facebook, and Twitter. The methods in place for governments to exert control already exist.
Controlling the allocation of IP addresses and the DNS is all they are after. It represents money to operate that stuff, and those people don't care if they do a good job or not. When was the last time "good job important" was taken seriously with government run operations and contracts?
I'd like them to explain just what it is they actually gain. Not the PR bullshit, but what do they actually gain with the control, that they didn't have before, that affects intelligence gather operations either foreign or domestic?
It sounds like all the gains have massive implications for business and the shifting of markets and wealth, and no real tangible security benefits.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by redneckmother on Thursday June 12 2014, @02:12PM
"This has nothing to do at all with spying. It's like how Vietnam was about drug smuggling, and not a fight against Communism."
Everyone knows Vietnam wasn't about drug smuggling - that was Nicaragua.
Mas cerveza por favor.
(Score: 4, Insightful) by c0lo on Thursday June 12 2014, @03:53AM
How come? What negative impacts on commerce can arise from the fact that my email doesn't cross US jurisdiction anymore?
Why should I be scared or indeed even care about?
Why should I trade my privacy for some unspecified impact on commerce?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday June 12 2014, @05:33AM
Quite. The same protocol, the same services, local hardware. And maybe EU gets a stronger voice in the boliticks i.e. ICANN and all that.
(Score: 1, Interesting) by Anonymous Coward on Thursday June 12 2014, @05:36AM
From a European point of view, they were spying on a head of state (Merkel). There can be no strong enough response and the bad blood created is correctly enormous.
(Score: 0) by Anonymous Coward on Thursday June 12 2014, @01:01PM
Note also that in Germany there are investigations by the federal prosecutor about Merkel being spied on. There are no such investigations about normal citizens being spied on, for "lack of evidence".
(Score: 2) by wantkitteh on Thursday June 12 2014, @01:39PM
Also note how an American labels as "hysteria" the European reaction to discovering the DMCA Safe Habour provisions the USA put in place to conform with our basic information protection and privacy expectations online turns out to be worth less than the electricity required to transmit the PDF over a segment of Cat6. Keep letting morons like this open their mouths in public and watch what was left of America's foreign political credibility turn to dust.
(Score: 2) by AnonTechie on Thursday June 12 2014, @06:14AM
Each country would probably have their own set of policies for their country. I am unable to understand how this will help prevent the US three letter agency or any other agency from infiltrating these networks ?? Would somebody be good enough to provide an explanation ?
Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
(Score: 4, Interesting) by monster on Thursday June 12 2014, @08:43AM
They are not only policies. There's a massive overhaul of the backbone also in the works.
Take the EU-Brazil proposed line, for example. Right now, if you want to send an email from Germany to Brazil it goes through UK (hello, GCHQ!), the North Atlantic to USA (hello, NSA and company!) and then to South America. It doesn't matter if you use an Europe-based email provider and send to a Brazil-based email provider, foreign agencies get your emails too if they want (and, as Snowden showed, yes they want). Same with any other traffic, not just email. With the proposed direct cable, both GCHQ and NSA stay out of the route unless hostile action (like tapping the fibre, which is both limited and expensive).
It would be like if you commute through a very bad neighbourghood, you decide to search alternative routes to avoid it, and one of the pimps calls you hysteric :)
(Score: 0) by Anonymous Coward on Thursday June 12 2014, @11:32AM
Sounds like this guy just wants a piece of the pie...