Switzerland to set up 'Swiss cloud' free of NSA, GCHQ snooping (it hopes) Swisscom, the Swiss telco that's majority owned by its government, will set up a "Swiss cloud" hosted entirely in the land of cuckoo clocks and fine chocolate – and try to make the service impervious to malware and uninvited spooks. Companies providing secure communications, such as Silent Circle, already use Swiss data …
Just type "Crypto AG" and "NSA" into your favourite search engine.
Ah, you may want to check the facts. That wasn't WILLING collaboration, but more the backdoor route the NSA took with Google (must have been out of habit, because now they have perfectly legal routes to do the same).
Where Switzerland made a MASSIVE tactical error (and so demonstrated the clean naivety of Swiss politicians when dealing with the US) was when they allowed themselves to be blackmailed with the Credit Suisse affair. They really thought that giving in on one bank would be the end of it, forgetting the maxim that if you give in to blackmail once, you will be blackmailed forever. They forgot that the US had TWO problems to address: not only scare citizens in paying for the very fact that they had a US passport, but also taking the spotlight off Wall Street and the role it played in yet another global economic crash. Marketing Switzerland as the place where all those bad tax avoiders were hiding was thus a master stroke.
There is, however, an upside to this. As a consequence, the attitude towards the US has so hardened in Switzerland that US passport holders are asked to do their banking elsewhere (not in the least because dealing with US clients costs more in IRS paperwork than the profit it brings), and people with US passports are asked to step down from boards in organisations (not quite sure what the motivation there is). Another side effect is that privacy is now seen as a new source of revenue. And they are right.
"surely you are still stuffed in the UK even if the data is in Switzerland? Can they not compel you to turn over the keys,login etc....?"
Yes, but at least you know they are snooping, and can fight back if you want.
Different then a secret order to go vacuum up your data from Google/Microsoft/Amazon cloud without saying anything.
surely you are still stuffed in the UK even if the data is in Switzerland? Can they not compel you to turn over the keys,login etc....?
You're correct. The issue that is being addressed is the risk of outsourcing. If you're a bank or a law firm in the UK, your core competency is probably not in running an IT shop or keeping security up to date, so you buy in that service from somewhere else (also has a neat side effect that you can blame someone else if you get hacked).
The problem is that the combination of the Regulation of Investigative Powers Act and enhanced powers when you bandy the word "terrorist" around allow a bypass of due process when it comes to intercept, so your provider could be ordered to hand over your data without you ever finding out .. or so you'd think.
The second problem is that the rules surrounding such an investigation do not really do much for your privacy either, so even the most junior policeman fresh out of school could see really confidential data - once that data has been obtained, it's a big question if it remains protected as well as you would need it to be. This is why I said "or so you'd think" - when some of that data leaks you may not have an idea how this has happened, and with all the secrecy it will be hard to discover, less prove it was actually law enforcement who caused this to happen. Either way, you will end up shouldering the blame and liability as the "National security" meme will get very much in your way.
Last but not least, the UK also has a problem with the disposal process after an investigation has been closed down. For example, until recently, DNA taken during an arrest would remain on file in contradiction with EU law and it took a court case to change that. It is now slowly being addressed.
Your next question will be "what if the UK simply asks Switzerland for the data?" and the answer to that is the next reason why you'd want your data in Switzerland: a cross-judicial request for assistance has to fulfil the conditions of the target country. In other words, if the request does not satisfy Swiss law, it will be rejected.
BTW, it's not enough to just decamp to Switzerland and then declare yourself the defender of privacy (as I see with many Swiss email providers). There is a lot more work to do before you have closed all the backdoors. I've been through that exercise and it's hard work, but you may recall I saw this trend well before Snowden came onto the scene.
The above also indicates how I knew that not all was well with US "secure email" providers even before they started up. Having your HQ in the US makes it pretty much irrelevant where you host your data as the decision power (and thus the leverage for law enforcement) is subject to US law. The latter should also give you a hint as to (a) what a massive problem Silicon Valley is presently trying to hide from you and (b) just how little value the Safe Harbour scheme has, even if you ignore the inherent conflict of interest in a self certification scheme in the first place.
The US is now in a situation where all chickens come to roost at once, and -pardon me for butchering the expression- many feathers are flying. There was a reason why we have due process: handing powers to the state is perfectly OK if it can be checked they are used for the purpose for they were given (pretty much in the same way you don't give everyone in your company the right to sign corporate cheques). Take transparency and supervision away and it becomes a mess. The bad guys have a party, and the good guys (because they exist too) no longer have a way to prove they still follow the rules. If you do this in law it takes a LONG time to sort it out. I reckon it'll be close to a decade, and that's IMHO a conservative estimate.
Some final remarks: this is not just a UK issue. A number of EU countries have implemented anti-terror measures in ways that do not exactly inspire trust, the Swedish FRA is but one example. Also, the fact that the Swiss are careful about intercept does not mean they don't have the capability, it's just that they go about it a bit more carefully.
>But if legal requirements are there and we are asked by the judge to obtain or deliver certain information then we would obviously have to comply with it."
If that judge, or anyone else for that matter, has a briefcase full of <insert favorite 1st world monies here> then undoubtedly you can get what you want.
If you have ready cash you can buy what you want in Switzerland. The average Swiss is probably quite an honest person but they are not the ones running the companies. What people tend not to know, or forget, is that many of the large companies in Switzerland are usually run by expatriates or foreign nationals or have many ex pats working there.
Corruption exists here to, it's just that they are very good at keeping quiet about it. Switzerland has no real product worth exporting of any value, ok some watches and some chocolate, what they do have though is secrecy, well almost ( ask the UBS about that). But secrets like everything else can be bought.
How do I know ? I work here.
AC for obvious reasons.
Switzerland has no real product worth exporting of any value, ok some watches and some chocolate
Nah, just some trivial stuff like extremely high grade precision mechanics, some very clever electronics, you know, the stuff that creates some small pocket change in revenue.
How do I know ? I work here.
That is doubtful. Or you've never gone out much. US passport?
Indeed, corruption exists in Switzerland too, and money still talks loudest (they're human too). But, as various high grade politicians have found out, if it leaks you're very much history. And since the German bank data theft they have come up with amusing ways of making life uncomfortable for those breaking the rules, like putting out arrest warrants for German ministers.
Approximately 160 000 cross border workers come into and leaving Switzerland every day.
Approximately 33% of people living in Geneva are expats. ( B ,C and L permits).
Approximately 20% of the entire population are non-Swiss. ( Approx 1.5 million people).
Can you imagine just how easy/simple it is for any of the 1st world countries to implement literally hundreds of spooks/spies/agents/thiefs amongst that lot... The Swiss governments do not do background checks or request any particular documents when applying for a work permit.. As long as your employer gives the go ahead you are in.....
Amongst the above many of them are skilled IT Engineers and IT professionals. Now tell me about security again !
There are quite a few data centres in Switzerland, I have visited several of them and I was surprised to see how many expats work there....... In the Geneva region I have visited 3, they are all well known.
I am not making allusion to the fact that expats are any more likely to be dishonest, it is merely to show how easy it would be to get in behind the scenes where the nasty work can get done.
Switzerland is no safer than any other data centres in the world; it is all just smoke and mirrors...
Never forget that the majority of data loss comes from the inside not from the outside.
There are quite a few data centres in Switzerland, I have visited several of them and I was surprised to see how many expats work there
Yup. But try to see how many US citizens work there now. I work with government level facilities, and I know how they check (that's why I use them) - access to those platforms is something you have to request well in advance, and unless you have a very good reason you'll not get in there.
I must admit that I have not met any Americans but there are a lot of Europeans. Anytime I have visited the data centres they have asked only to see a simple piece of identification.
The only one that was a little more complicated was the one in the center of town, I won't give it's name but it is well known.
They know the time when the banking industry can support them is drawing to a close, and the NSA has handed them a new industry to take its place.
There are very few who hate the Swiss. They haven't invaded anyone, or been behind secret coups or Communist uprisings in anyone's memory or even the memories of their now dead great great grandparents. They're seen as trustworthy, whether you're from the US, the UK, Germany, Russia, China or Saudi Arabia.
typing from where I can see switzerland, unless my hypothetical swiss cryptoAG cloud can demonstrate perfect forward secrecy via client side & client controlled (default: NOT the next NIST Dual_EC_DRGB subverted) encryption, then I'll leave my data under the bed, thanks.
btw: the Swiss hate the swiss, in canton to canton rivalry, hence their outward facing neutrality!
It's the zero probable cause.
I think anycountry country where people care about their privacy should establish in country clouds.
While theoretically a natural disaster can wipe out large parts of a whole country the chances of anything wiping out a whole country are very remote.
Thumbs up to the Swiss for the first (?) legal "data haven"?
Thumbs up to the Swiss for the first (?) legal "data haven"?
It appears that someone spotted that before Snowden?
everything has a price, including Swiss imperviousness. Haven't the Germans, British and US tax authorities (to name a few) bought a couple of cds for a cool price a few years back? OK, only the German bribe was made public.
oh no sir, but THIS is different!
Yeah, right, in terms of price to be set.
Haven't the Germans, British and US tax authorities (to name a few) bought a couple of cds for a cool price a few years back?
So the few crooks are representative of the whole? Interesting way of thinking. Does that mean that all Brits are thieving through their expense accounts, or is that just a few MPs? Just curious.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
