SoylentNews is people

posted by janrinok on Monday January 05 2015, @09:45PM
from the make-'em-work-for-it dept.

The natural reaction of many citizens, companies and governments is to try to get their data out of the United States and out of the hands of American companies. The idea is a seductive one, even for Americans. Offshoring money has been a popular strategy for tax avoidance. Why not offshore data to a foreign company?

This offshoring of data to avoid surveillance is not just an idle notion. As a privacy lawyer with experience in the intelligence community and the Obama White House, technology companies have asked me how they might pursue such a strategy. It turns out that shifting user data abroad or into the hands of foreign companies is a very poor way to combat American surveillance.

The Justice Department may put a lot of pressure on Swiss banks, but it doesn’t hack into offshore accounts to recover ill-gotten gains. By contrast, intelligence agencies are not known for scrupulously observing the laws of foreign countries in which they operate, even when (as in the United States) they are subject to a system of domestic legal oversight.

NSA directors have stated quite openly their desire to collect everything American law permits. However, what the law allows the NSA to do varies starkly depending on where data is collected. Under the Foreign Intelligence Surveillance Act, the rules that apply to data collected from a switch, wire, or server in the United States are stricter than the safeguards that apply to data collected overseas.

 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by c0lo on Monday January 05 2015, @10:28PM

    by c0lo (156) on Monday January 05 2015, @10:28PM (#131994) Journal
    It never ceases to amaze me how people think that the legal kind of laws can be a solution to anything.
    Yes, I know that cryptography and the application of it are two different things, but in this case... I'd rely more on cryptography than on whatever legal piece somebody would put in front of me (be it whatever constitution or universal bill of rights or not).
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0
    • (Score: 3, Insightful) by frojack on Monday January 05 2015, @11:43PM

      by frojack (1554) on Monday January 05 2015, @11:43PM (#132030) Journal

      One isn't much good without the other.

      After all, if they can put a gun to your head, the cryptography isn't worth much.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 3, Interesting) by c0lo on Tuesday January 06 2015, @12:26AM

        by c0lo (156) on Tuesday January 06 2015, @12:26AM (#132041) Journal

        Security is always a tradeoff between the value of the "secured" item and the cost to the attacker to obtain it (therefore, no security is perfect).
        Personally, I'd rather prefer NSA to go after 1000 people** outside US with that gun you mention than having my info within US (where they only need an NSL): it will cost them more. Without too much effort for me, even assessing if me or which others are persons of interest will come with quite a high cost for them.

        ** e.g. I believe mega.co.nz have more than 1000 users

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0
    • (Score: 0) by Anonymous Coward on Tuesday January 06 2015, @03:06PM

      by Anonymous Coward on Tuesday January 06 2015, @03:06PM (#132247)

      This is a common view among technocrats. IMHO it is a self-defeating view. Regardless of what you build, the fear of the unknown held by your inferiors will make you a target. A measured approach to integrating some old views into the new is important, not because it improves the result of your work, but because it takes a few of the bulls-eyes off your back.

      The law, being largely deprecated in terms of linguistic logic, (the full extent of the study of logic required for a law degree is Socratic method) still governs us. Presuming that you can engineer your way above the law is folly. When elasticity in the legal system runs out, the intellectuals get sent to the block. It happens every time.

      If you look at the way Hollywood portrays computer technicians it is pretty clear that there is broad support for fomenting fear of us already. Presumably they remember the McCarthy days and have decided they would prefer computer technicians be the "commies" during this iteration of irrational fundamentalism. However you look at it, the impetus is on us to change the law, before the law finds itself taking an unhealthy interest in changing us.

      • (Score: 2) by c0lo on Tuesday January 06 2015, @08:04PM

        by c0lo (156) on Tuesday January 06 2015, @08:04PM (#132331) Journal
        An interesting PoV.
        But, unlike NSA, I'm not going against the law - at least not until a new law comes in and makes encryption illegal and this is a law I wouldn't want to promote.
        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0
  • (Score: 4, Informative) by MrGuy on Monday January 05 2015, @10:42PM

    by MrGuy (1007) on Monday January 05 2015, @10:42PM (#132004)

    This article is written by someone who doesn't understand the subject or the rationale for data offshoring (or is a plant trying to FUD the issue).

    No one has ever argued that offshoring data will protect it from the NSA. Indeed, the best way to make it EASIER for the NSA to snoop on your data (within its stated mandate) is to move it outside the United States. The NSA's chartered mission is foreign surveillance. In general, they don't have to justify activities overseas nearly as much as they have to justify surveillance of US citizens (which is explicitly OUTSIDE their mandate). While the NSA demonstrably DOES do quite a lot of domestic surveillance, it's dancing carefully to define such activities as legal (or, at least, not explicitly illegal) in a way they don't have to do overseas.

    The justification for data offshoring doesn't have anything to do with the NSA. It has to do with NSL's (National Security Letters). These are self-gagging, nearly-unappealable demands for records access that the FBI uses routinely for domestic "counterterrorism" activities. They're a very poor sop to the 4th Amendment to give legal cover to huge searches of Americans' domestic data. An NSL can be issued for "business records," which the FBI claims covers the metadata and content of every message sent that isn't nailed down with encryption that the service provider can't break. Under an NSL (and/or a FISA court order), the US government can force your hosting provider to clone the hard drive from your server (and everyone else in the same rack) for them, take it away, do whatever they want with it, and never, ever tell you. They can force your service provider to install a tap on your line. These things are all legal in the US, for anything subject to US jurisdiction. That's what the Patriot Act (which did not mention the NSA or grant the NSA any additional powers) was all about.

    In general, intelligence agencies like the NSA operate in the shadows - they can lobby to weaken crypto standards, but they can't in general walk into Microsoft and slap them with a court order to break Skype's encryption (and issue a gag order that Microsoft can't say a peep about it). The FBI can and (reportedly) did.

    The US Government has a scary amount of power with NSL's and FISA orders to force companies in the US to perform actions on information in the US. Those powers stop at the US borders. You're not completely safe anywhere from intelligence agencies like the NSA and GCHQ, but at least outside the US you're not as obviously subject to the Patriot Act.

    • (Score: 3, Insightful) by Anonymous Coward on Monday January 05 2015, @10:53PM

      by Anonymous Coward on Monday January 05 2015, @10:53PM (#132009)

      (or, at least, not explicitly illegal)

      It's explicitly against the spirit of the constitution and what "the land of the free and the home of the brave" should be doing, though.

      • (Score: 2) by TheGratefulNet on Tuesday January 06 2015, @04:16AM

        by TheGratefulNet (659) on Tuesday January 06 2015, @04:16AM (#132106)

        there really are 'two americas'.

        there's the one that most people live in, they are taught about 'good and evil' and right and wrong and how we are all this (blah blah, bullshit, bullshit). they think that what they are told or taught is real.

        then there's the shadow US that does whatever the fuck it wants, no one is strong enough to challenge or topple that power base and they get away with, quite literally, murder. anything they want. no watchmen watching them (that would dare turn them in).

        the so-called leaders are figureheads and have no real power. the real power brokers are those with names that you and I will never know. they won't be brought to justice and they will continue to be the aristocracy in the US, completely untouchable by any kind of laws (or ethics).

        until we all - as a country - wake up and realize this DUALITY, we are fucked and fucked three ways till tuesday.

        nsa, nsl's - those are there to keep us all afraid and to keep the powerbase and status quo intact.

        the american fairytale has not been true - probably not EVER. the sooner we realize this, the sooner we can re-invent the real US; the stuff that we all were taught and brought up on. until then, there will be us (the little people) and the ones who really run shit.

        5 yrs ago, I would be called a tinfoil hatter.

        now? not so much, huh?

        --
        "It is now safe to switch off your computer."
    • (Score: 2) by frojack on Tuesday January 06 2015, @12:03AM

      by frojack (1554) on Tuesday January 06 2015, @12:03AM (#132038) Journal

      This is spot on.

      Plus, foreign hosting may actually offer more security, not only from the FBI, but also from the NSA, because the very thing the foreign host has to offer is protection from those guys.

      However, the offshore host might not have protection from their own country's three letter agencies. What the NSA can't get for itself, the GCHQ or the Bundesnachrichtendienst can get for them. Repayment in kind. You have to pick your hosting country carefully to find one with anti-snooping laws. And when all is said and done, there probably aren't many countries with meaningful protections. The best you can hope for is countries that don't owe big favors to the US.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by kaszz on Tuesday January 06 2015, @02:55AM

        by kaszz (4211) on Tuesday January 06 2015, @02:55AM (#132085) Journal

        Rig it with a physical self destruction procedure? "can't touch this" ..

    • (Score: 2) by opinionated_science on Tuesday January 06 2015, @12:25PM

      by opinionated_science (4031) on Tuesday January 06 2015, @12:25PM (#132202)

      y'know that could read like the next revolution's preamble...from "We hold these truths to be self-evident", to "we really meant it when we said the govt is a tyrant".

      The Govt has stopped caring about appearances, that is why the spying has to be so invasive. As the founding fathers predicted, Govt's can't be trusted....

  • (Score: 2) by darkfeline on Monday January 05 2015, @10:44PM

    by darkfeline (1030) on Monday January 05 2015, @10:44PM (#132005) Homepage

    In other words, it's already too late.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 2, Insightful) by Rosco P. Coltrane on Monday January 05 2015, @10:58PM

    by Rosco P. Coltrane (4757) on Monday January 05 2015, @10:58PM (#132010)

    Move your data offshore and it's fair game for the NSA, since anything outside of the US is their playground.
    Keep your data inside US borders, and the NSA is bound by law not to violate your rights re surveillance.

    Problems:

    - The NSA has already demonstrated they don't give a shit about the law or the constitution if they can get away with it.
    - Even when they do pretend they follow the law, they stretch the interpretation of the law until it stops applying to them.
    - The US government has already proven numerous times they don't give a shit about the constitution, and most lawmakers are bought and sold on the marketplace.

    In short, your data is probably safer outside a corrupt, semi-fascist United States than inside it. Better having zero guarantee of having your data kept safe abroad, than all guarantees that it won't at home.

    • (Score: 2) by c0lo on Monday January 05 2015, @11:03PM

      by c0lo (156) on Monday January 05 2015, @11:03PM (#132013) Journal

      In short, your data is probably safer outside a corrupt, semi-fascist United States than inside it. At least, keeping the data outside US, one can control better the cost for a US-bound attacker - no 100% warranty, but maybe good enough to stretch the NSA's budget to the break point.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0
      • (Score: 0) by Anonymous Coward on Tuesday January 06 2015, @11:10AM

        by Anonymous Coward on Tuesday January 06 2015, @11:10AM (#132185)

        The TLA's budgets are unlimited. The Federal Reserve will print however much money is necessary.

    • (Score: 0) by Anonymous Coward on Tuesday January 06 2015, @09:19AM

      by Anonymous Coward on Tuesday January 06 2015, @09:19AM (#132171)

      Keep your data inside US borders, and the NSA is bound by law not to violate your rights re surveillance.

      That's only true if you're a US citizen residing in the US. Anyone else is fair game anyway.

  • (Score: 3, Interesting) by pogostix on Tuesday January 06 2015, @01:47AM

    by pogostix (1696) on Tuesday January 06 2015, @01:47AM (#132060)

    My company website and email switched from USA servers to Norway. I can't stop the US govt but I don't have to spend my dollars in the US.

    runbox.com .......not affiliated, just a happy customer