back to article Blame Silicon Valley for the NSA's data slurp... and what to do about it

Widespread ridicule has greeted the announcement that eight giant technology companies led by Google and including Facebook and LinkedIn were going to save us from the NSA. The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard …


This topic is closed for new posts.
  1. Paul Crawford Silver badge

    The underlying problem with IP rights, both in 'the individual' case and in the behaviour of traditional media, is that it relies on actually fighting such problems through the courts. And that costs money. Serious money.

    Add to the the financial penalties which, in the US at least, are ruinous to an individual but petty cash to a billion pound business, and you start to see why it is fairly hard for any individual to challenge, but easy for industries (and or their representation groups such as the MPAA, etc) to threaten small innovative players into obedience or destroy them.

    Short of settlements being means-based (say 0.1% of one's worth, so few thousand for an individual but maybe millions for a big business or a group they back), and making the court process faster and cheaper, that is hardly going to redress the situation we find ourselves in.

    As for the spooks, well they get laws made up to suit what they want to do, so none of this would make any difference.

    1. silent_count

      I think its time for another chorus of, "no taxation without representation". Us plebs get taxed well enough but the representation goes to whoever has the richest lobby group. And funnily enough, the companies which don't pay any taxes have plenty of cash available for lobbying - that is, buying representation.

      1. Anonymous Coward
        Anonymous Coward

        "But you ARE your Representatives and Senators. YOU voted for them, after all. Your fault for voting in a brown-nose."

        1. Anonymous Coward
          Anonymous Coward

          RE: "Your ARE represented" - stupid reasoning.

          If your only candidates in an election are already captured cronies then the vote becomes meaningless. In the USA especially, but becoming more so elsewhere, the funds required to run for office inevitably lead to voting being no more than selecting from a pool of cronies. That's not democracy. But then neither is the USA.

    2. Andrew Orlowski (Written by Reg staff)

      It doesn't cost serious money in most cases. No matter how wealthy the infringer, the law favours the property owner.

      Per-infringement statutory damages really focus the mind. Now imagine this for privacy infringement.

      It will be an uphill battle because you'll be fighting both state propaganda (WoT) and Silicon Valley propaganda. But even Larry Page had to admit last year that your data ultimately belongs to you.

      1. Anonymous Coward
        Anonymous Coward

        It doesn't cost serious money ?!

        If my memory is still good, the SCO saga lasted about a decade in court. Google versus Oracle and Apple versus Samsung are also heading for a long presence in courts of justice. You still have to have some spare change to burn all these years.

    3. Arcadian

      Small claims court

      The underlying problem with IP rights, both in 'the individual' case and in the behaviour of traditional media, is that it relies on actually fighting such problems through the courts. And that costs money. Serious money.

      Since autumn 2012 the UK justice system has had a small claims track for IP cases where the value of the claim is less than £10,000. [More details here.] There is no reason why the same system should not be applied to privacy cases. And sure, £10,000 is a trivial sum to a big corporation; but I doubt if any corporation who cares about its public face would want to fight a lot of such cases.

      The IP small claims court can issue injunctions to prevent future infringement, as well as award damages.

      The US Copyright Office has been conducting consultations with a view to bringing in a similar system. I don't know what point they have arrived at on this.

  2. VinceH Silver badge


    "The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard your privacy is like hiring a kleptomaniac with a sweet tooth to guard the sweet shop."


    A good piece, though.

    1. Chris 244

      Nah, Andrew had it right

      By definition, kleptomania is an uncontrollable urge to steal for reasons other than personal gain. So someone with a sweet tooth stealing from a sweets shop does not fit the definition.

      1. VinceH Silver badge

        Re: Nah, Andrew had it right

        In that case there's no need to specify the type of shop. Since it was specified, adding the sweet tooth emphasises just how futile the excercise is.

        Not dissimilar to exaggerating how badly something is going by adding first "like an elephant on skis" to the statement that it's going downhill fast. And the next time, "like an elephant with a jetpack on skis", then "like an elephant with a jetpack on skis on a vertical incline."

        1. Chris 244

          Re: Nah, Andrew had it right

          By definition an incline is neither horizontal nor vertical. And what if the jetpack is opposing the downward motion of the elephant? Otherwise, I agree with you 110%.

      2. Anonymous Coward
        Anonymous Coward

        Re: Nah, Andrew had it right

        "The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard your privacy is like hiring children to guard the sweet shop"


  3. Anonymous Coward
    Anonymous Coward

    Lobbying is what they mean. They're spend a fortune funding the right senators.

    1. Crisp Silver badge


      It's just a fancy word for bribe.

      1. Anonymous Coward
        Anonymous Coward

        Re: Lobbying

        Not even fancy, just weasely.

  4. Pete 2 Silver badge

    The law is not the answer

    > Then we can begin to assert that we own everything we produce, extending copyright rights and practice to our own data.

    Having "rights" is fine and dandy ... if you are a law student making an argument in some ivory tower. However when an average guy on (maybe) $50,000 a year tries to assert those rights, up against the corporate might of a $100Bn corporation, there isn't even a smear left on the tracks of the juggernaut that rolls over him.

    Recourse to the law is only practical when it is affordable (without ruining either side: win or lose) and there is some degree of symmetry between the means of the parties involved.

    So how would an average guy "defend" his rights to his data? The answer is that he can't. Nobody can. As software companies learned with software piracy: once it's out there, you can't stop it. The only way to restrict the proliferation of personal data is to stop it getting "free". One model would be for all personal data to only be available through some sort of personal server (real or virtual) that required specific, tailored access to be granted on a case-by-case basis, by the individual in question.

    The problem is that few would wish to take the time to police their data. We already know that personal privacy comes a long way down the list of most people's priorities - as most (rightly or wrongly) don't consider it to have any value and so far they haven't been proved wrong.

    Maybe a better solution would be a way of allowing people to declare tabula rasa every few years. Change their online identity, walk away from all the crap that's been written about, or by, them and stop all those dam' cookies from following them around.

    The idea was popular in early Jewish/Christian tradition as Jubilee where slaves were freed, debts wiped clean and sins absolved. Maybe the internet needs the same? Though 50 years could be too long an interval - 6 months might be better.

    1. Ian Michael Gumby Silver badge

      @Repeat (pete 2) Re: The law is not the answer

      You are right.

      We can't afford individual lawsuits against the giant companies for spying on us.

      And the only winners in a class action lawsuit are the lawyers and the main litigants like the EFF.

      We can't stop using their products. It would mean every web page that uses Google Analytics would have to then find another service, and another company would actually have to invest $$$ to build a network of data centers to host the massive index of the web containing search results in multiple languages. (And it costs $$$ so you'll have to figure out a way to monetize it.)

      As to creating an online persona... guess what? I use one to post, but Google and company already know how to tie personas back to a real person. (Ooops! I guess I broke that one.)

      The only thing we can do is to get the laws changed and force Google and company to remove the data that they collect on us and to no longer track us if we submit a form ordering them to do so.

      (Want to see the chocolate factory melt overnight? ) I mean we could register a UUID cookie that says don't track this device. And if the corporation (Google, FB, Apple, etc ...) did, it would be not only a civil suit, but also prison time for not just the employee, but also the corporate exec. (No more... 'rogue' programmers as an excuse ...)

      Actually the irony would be that you would register a master cookie with the government in a 'Do not track' list where only the government has the PII information and the other companies just have the cookie and if they do associate it with other data, or do track more than 5 days after registration... oops. JAIL TIME! (The irony is that only the government could associate the cookie to you and they are the ones whom are accused of invading your privacy. ;-)

      1. Anonymous Coward
        Anonymous Coward

        Re: @Repeat (pete 2) The law is not the answer

        I don't use any Google, Yahoo, or Bing search for most searching, I use Startpage HTTPS and DuckDuckGo on most everything, even inline search, and misc proxies. I also use advert bug killers (like Ghostery), site blockers, script blockers, an end-of-session cookie killer, etc..., all with site whitelists, and I don't stay logged into comment sites for long; all because I expect sites to spy on me, and most do! I also use unique account details, so that data aggregators will find it much harder to track me across sites.

        I have never had a "drive-by" exploit, despite visiting many odd sites.

        There is lots more I could do, but it comes down to how much extra cost and hassle I will tolerate.

        What we need is something which makes the excessive spy infrastructure unusable, irrelevant, or just plain unaffordable. IP6 may just do that!

      2. Crazy Operations Guy Silver badge

        Re: @Repeat (pete 2) The law is not the answer

        A few month ago I came up with the idea for a government-run central database to store all information about that country's citizens.

        Every citizen would be issued a smart-card that would be used to authorize access to their information. IN turn each Company, organization and agency would be then issued their own CA certificate with which they would use to issue each employee their own certificate as well as certificates for equipment used to process personal information. This would allow for access to that information to be revoked for an rogue employee, a compromised server, or even an entire company that is misusing data.

        Each certificate issued would come with a long list of flags based on what information the requester can see (Primarily based off of whether the requester / requester's organization has passed regulatory checks such as HIPPAA, SOX, etc) or if they have a valid business license. This would be restricted at both the CA level and the individual employee level.

        Each company or data requester would have a standardized database that would receive the information in the form of a selective replication from the central database over a secured connection (SSL VPN perhaps using the device's certificate for access).

        When information is requested of a private citizen, a unique ID is generated along with a series of flags describing which pieces of data that are being requested, this is then sent to the central database where it is held to await authorization. At this point the citizen for whose data is being requested will use some for authorization terminal and log in with their card and see any requests being made for their data, at which point they could uncheck some things they don't want the requester to know, or is irrelevant. At this point the citizen would then send back the authorization. Once this authorization step has taken place, the request is granted in the form of a simple database replication from the central database to the requester's with only the authorized data.

        The requester's database would be constructed in such a way that it will filter information itself based on the authorization level of the employee.

        An example of all this would be if a citizen broke a bone and went to the hospital, at reception the clerk would create a request for all the citizen's medical information at which point they would be able to filter out irrelevant stuff (say the citizen had a psych eval. a few years back), the citizen would then authorize access to that data. The central database would then replicate all the authorized requested bit of information such as medical history, name, gender, DOB, next of kin, medical benefits, etc. along with a token describing how long the data will be available before the request expires and new authorization is needed.

        Since this data is further filter by the local database, each employee would see a different subset of data: the receptionist would see just your name, the doctor would see all your medical history but not address or other information, the nurse would be able to see your name, medications you are *currently* taking and allergy information, etc.

        Another example would be an online store where it would ask you for your shipping address and confirmation that you are allowed to posses certain materials such as prescription drugs, or toxic materials (But only if they are authorized to sell such things).

        A third example would be for an online service (such as email, a forum or social network) would only need to validate that you are a human being without the need to give them your name or even an email address, plus you could log in without the need for a password (you''d be able to use your smartcard). This would allow illegal activity (Such as soliciting sex from a minor or other malicious behavior) to be reported and the account traced through the original request, that way the police can handle it without the website ever knowing who that person truly was.

        On the other hand, if someone came up to you claiming to be from the government or a specific company, you could then make a request to the central database to validate that they are, in fact, a member of that organization and see a list of what they are able to request (In order to prevent fraudsters from claiming to be from your bank to steal you money or a government agent over-stepping their bounds).

        There would also be a a table in the database listing every single request for data, which would allow each citizen to review who made each request, even law enforcement requests would be listed here.

        The organization running the database would be built from the ground up with the idea of privacy in mind where no one can make an anonymous request despite them having a court order or National Security Letter. In the process of proper law enforcement, certain requests can be authorized by a judge and possibly be anonymized for a set amount of time (say 90 -120 days, but no more than a year) at which point the request will become public and the prosecution must either enter the information as evidence or delete it, either way it would be revealed to the citizen that this information was requested.

        1. Charles 9 Silver badge

          Re: @Repeat (pete 2) The law is not the answer

          Thing is, what if the government you describe gets overthrown and the new leader(s) simply say, "Unlock everything or your family will have never existed." The main problem with your system is that it has to rely on perfect trust. Once the trust is broken, anywhere along the line, it's in the open again.

          That's always been the big problem with encryption. At some point, for the data to be usable, it has to be DEcrypted. and that's where you're most vulnerable, because THIS is where trust comes in.

          Thing is, we're just about at a point where you can't trust ANYONE. Which means it can all boil down two one of two scenario. Either we go into total paranoia, and all socialization will cease because we can't trust anyone, or we surrender to the inevitable result of a world where trust cannot be guaranteed: sooner or later (usually sooner), no secret will be safe and pray that civilization doesn't hinge on a secret.

          1. Crazy Operations Guy Silver badge

            Re: @Repeat (pete 2) The law is not the answer

            If the government gets overthrown, I don't think privacy is what I'd be worrying about, besides the intelligences services already have all that information anyway and its not like that will change any time soon. My system doesn't rely on perfect trust, just that you'd only need to trust one person rather than the plethora we do now, and the system I propose would give the people we already trust with our data less of it.

            And yes, there are problems with encryption, but I:d rather have it stay encrypted for most of the data's life than not all; I don;t want to wake up one day to find that some jobsworth has left an unencrypted drive full of my information on the bus.

    2. Andrew Orlowski (Written by Reg staff)

      Re: The law is not the answer

      "So how would an average guy "defend" his rights to his data?"

      The same way the law favours you when the Daily Mail steals your photo. Cheap and easy access to justice, with the deck stacked in your favour. I think you're struggling with the concept here a bit because you don't actually know what property rights you have today.

      You are right about the individual being sovereign in the correct model - you just don't need a single physical point of failure - your ownership (as with copyright ) is automatic.

      1. Pete 2 Silver badge

        Re: The law is not the answer

        > I think you're struggling with the concept here a bit because you don't actually know what property rights you have today.

        A fair point.

        The difficulty is: knowing which of the outfits that you allowed access to your privates, did the dirty on you. For example, say I received a dozen of more spams saying "Happy birthday Pete 2, not that you're getting on a bit, would you like to take out our special old-people's life insurance. If you apply today, we'll send you a free bus-pass holder".

        Now there would probably be many organisations that have either been given my date of birth, or that could have inferred it. For example: Amazon getting lots of gift-wrapped orders (I wish) to my name and address. Unlike the example of the Daily Wail using my photograph, I wouldn't necessarily know who had leaked my personal data.

        There is also the issue of scalability. Even if there was a route to cheap justice and a swift judgment, would that process still work when every citizen had several outstanding claims against multiple infringers: each of whom was located in a different country and had an interest in having the proceedings held in their own home country. I can see a situation where the legal process might only take 5 minutes, but there is a 6 month wait for your 5 minutes.

      2. Brian Miller

        Re: The law is not the answer

        "The same way the law favours you when the Daily Mail steals your photo."

        You mean like the fellow who finally won out against the Daily Mail, but it took years? (There's too many search hits for the Daily Mail stealing photos.) Sure, the law favors your, but it will take a lot of effort, and it definitely isn't as easy as clicking through a few forms and getting a payout.

      3. Charles 9 Silver badge

        Re: The law is not the answer

        Trouble is, what if BOTH sides claim ownership? Then it's big guy vs. little guy again, and the big guy has all the lawyers. They can come up with the legally-verifiable claims of ownership, real or made-up. Plus they may even be able to subvert the legal system itself. It's just straight out bullying, and he has your lunch, a bat, AND a posse. Anything YOU can assert, THEY can assert with more force (and even if you strip rights from businesses, what's to stop them creating a "designee"?).

      4. PassiveSmoking

        Re: The law is not the answer

        How can somebody who writes such cynical claptrap be so naive? Even if you technically have legal recourse against the DM for publishing your photos and/or making scurrilous accusations against you, by the time the legal system has ground into action the damage has already been done.

        Suppose the DM publishes your photograph in an article about suspected paedophiles, naturally you're outraged and take them to court. As they have no proof to back up their claims and because they violated your privacy unfairly you prevail in court and possibly win a juicy payout that more or less covers your court costs.

        However, the damage done to your reputation is permanent. The news article will still exist somewhere, and it will still insinuate in writing that you're a paedophile with your photo attached. While the paper will probably also be forced to publish a retraction and an apology, they never exactly go out of their way to call much attention to them. You'll get some tiny correction printed in tiny print in the hopes nobody notices it, and nobody probably will.

        Meanwhile, the thought implanted in the public mind will linger in some corners and you'll probably never escape it. There's no legal way (or indeed physical way that I'm aware of) to erase the population's memory.

    3. John Brown (no body) Silver badge

      Re: The law is not the answer

      "We already know that personal privacy comes a long way down the list of most people's priorities - as most (rightly or wrongly) don't consider it to have any value and so far they haven't been proved wrong."

      Millions of customers of Target might have recently received a wake up call. As have millions upon millions of other people who have been the victims of massive data thefts. At least, those who actually read/watch/listen to the news or were contacted by the data holders. Assuming those victims actually understand that it was their data that was stolen and that they are the victim,not the company who let the data be stolen.

      Oh, hang on. Yes, you are absolutely right. Almost no one values personal data because even when vital data like their own credit card number is stolen, most don't think that is something worth seriously considering.

    4. itzman

      Re: The law is not the answer

      The answer is to start an IETF RFC for a massively secure public/private key transaction at the raw packet level, and a DNS and proxy system that could be built to make it massively hard to track packets, with them being routed around the 'net in short term one time hops that would subsequently vanish.

      We did this with frequency hopping spread spectrum radio for anti-surveillance: we should do it for all traffic on the net.

      That solves the man in the middle issue.

      AS far as compromised end points go, physical security and proper monitoring of the traffic in and out is probably the best response.

      That doesn't stop massively expensive targeted surveillance from cracking codes or penetrating 'targets of interest' but it would make routine surveillance of everything impossibly expensive.

      And some of what has been revealed is frankly impossible: unless disk manufacturers are prepared to reserve several times a disks capacity for the retention of all the data on it that has ever been written and subsequently erased, its not going to be able to store it.

      Firmware hacks that 'transmit all the data over the internet' require at least a suitable amount of bandwidth to transmit it with.

      So monitor it. If there is a background dribble of data going out over the internet, find it.

      The point is that to respond to this sort of compromising, requires active methodologies by the whole IT community at every level. You may compromise most of the tools used to detect intrusion, but not all, and the moment one exploit is discovered, the damage done to the whole brand if a particular piece of hardware is found to have back doors, would be massive.

      The point is ultimately that we are not at the mercy of large corporations and the shadowy government agencies. So long as engineers have tools to analyse data flows or Bioses to fix problems, they can disassemble anything they care to.

      And the people in charge of the surveillance themselves (as Snowden shows), are not immune from attacks of conscience - or indeed being paid to reveal what some other party is anxious to see revealed.

  5. Anonymous Coward
    Anonymous Coward

    Paul Crawford sez "As for the spooks, well they get laws made up to suit what they want to do, so none of this would make any difference."

    And when they don't, they just change their 'percepted meaning' ie surveillance is not surveillance unless an analyst sits down and actually looks at a persons data and then checks off that it has been looked at.

    My concern is not with Silicon Valley, I have the option to not use their shit.

    Avoiding the NSA / GCHQ or w/e is far more difficult.

  6. Ian Michael Gumby Silver badge

    @Andrew Orlowski


    It only took you 6 months to figure out and write about this. ;-P

    Not that I disagree with you on anything that you wrote, but the biggest reason why the likes of FB and Google are protesting so much is that it uncovers the amount of spying that they do.

    Visit a web page? Google knows about it.*

    Run a search? The odds are Google knows about it. **

    Want to read a news article from a site like the WSJ or from a paper like the Tribue (Chicago & LA) or even Huffington Post? Log in to Facebook to authenticate you as a real person.

    The point is that you can't avoid these companies capturing data about you.

    The irony and hypocrisy is that while many are 'outraged*** at the NSA data slurp, the same information that people want to keep 'private' they routinely and freely share with companies, and even the companies send out annual privacy statements on how they will use the data that they capture.

    The biggest irony? The NSA could have actually purchased the data from the likes of Google, Facebook, and the telcos all legal and above board.

    I wonder how many would feel then?

    * Assuming you're not running NoScript and you shut off any JS code that reports to google or shares data with google...

    ** Assuming you use Google Search (which most people do)

    *** Merkel should get the German equivalent of the Oscar for her performance. What? Foreign companies spy on other Foreign companies? Say it isn't so?

    1. Andrew Orlowski (Written by Reg staff)

      Re: @Andrew Orlowski

      Only since last year :-)

      Without property rights there won't be any privacy. Google knows this as well as the NSA.

      1. Destroy All Monsters Silver badge

        Re: @Andrew Orlowski

        Begging the question of whether "copyrights" are "property rights".

        "But... MUH PROPERTY, PIRATE!" "Fuck you, this is MY harddisk!"

        See the difference?

        "Property rights" and "Privacy" are completely orthogonal things. And so are "Copyrights". Mashing all this up into a guacamola ain't helping nobody.

      2. Sean Timarco Baggaley

        Re: @Andrew Orlowski

        Really? It took you long enough. I've been saying this for ages.

        The Internet was designed to be inherently 'trusting'. It's never been fit for its current purposes, and there are no signs of this changing. I therefore don't put anything on the Internet that I want to keep secret.

        The NSA, GCHQ and their peers spy on people? Who knew? Oh right: I did. So did anyone else with more than two brain cells to bang together. They're spy agencies! Spying is what they do! Spying on their own citizens was also a wholly predictable result of the US PATRIOT Act and its foreign equivalents: It's hard to spot home-grown terrorists within your own borders if you don't do it and the UK certainly has form: the IRA and UDF were rather into setting off bombs and murdering civilians until relatively recently. Both groups were operating inside the UK's own borders. Spain and France also have similar experiences, with the former having to face the Basque separatist group, ETA.

        The only thing surprising about Snowden's "leaks" is that so many people were so shockingly ignorant about what these agencies actually did for a living. What did you people think they were doing all day in those vast buildings? Watching porn?


        All those GPL variants so beloved of the GNU and many members of the FOSS communities? Without IP laws, they're not worth the rusty iron they're stored on: Copyleft cannot exist without Copyright. Without IP laws, without the pillars that support Copyright Law, no license agreement can be enforced: counterfeiting would be effectively legal for everyone. Even the Creative Commons movement relies on existing IP law to enforce its own licenses.

        So, yes, IP law is needed – or a very near facsimile offering similar features. (I'm not convinced of the validity of software patents, for example. And the USPTO really needs a major overhaul.)

        What we need are standardised Open Formats. If we can store our personal profiles in standard formats, they become much, much easier to trade. We could trivially leverage our personal data, and there's no need for micro-payments to do so either: "Do ut des." The personal data is the payment. Make this the price for "pro" services and we can choose whether to pay that price. Offer a cut-down, genuinely "free" service tier, then use it as a 'teaser' service to entice users to make that choice of their own volition. Give people the choice.

        (Okay, I won't be interested myself, but I'm sure plenty of people will be more than happy to do so. As anyone who's ever looked at Facebook or Twitter can attest.)

        1. M Gale

          Re: @Andrew Orlowski

          All those GPL variants so beloved of the GNU and many members of the FOSS communities?

          Copyleft was invented to subvert copyright. I don't think the originators of that license would care too much if "intellectual property" as we know it completely ceased to exist.

          Me, I can understand the advantage of some kinds of limited copyright. However "intellectual property" is, as I continue to maintain, a cancer.

          Though what this has to do with the NSA spying on people, privacy in general or the tendency of large corporations to be obsessed with spying on their customers, I have no idea. It's an Orlowski article. I get the feeling he'd blame "the freetards" for shooting John F Kennedy, if he could.

          1. Kristian Walsh Silver badge

            Re: @Andrew Orlowski

            "Copyleft was invented to subvert copyright. I don't think the originators of that license would care too much if "intellectual property" as we know it completely ceased to exist."

            That, I'm afraid, is nonsense. You need to read Stallman's original article on GPL, rather than the projections of other people's Marxist fantasies onto it. Copyleft is an exercise of the intellectual property right of copyright, not a replacement for it.

            Without copyright, GPL works would be no different to Public Domain works... there would be absolutely no legal comeback against someone who breached the copyleft terms of a Free Software licence.

            1. M Gale

              Re: @Andrew Orlowski


              The simplest way to make a program free software is to put it in the public domain, uncopyrighted. This allows people to share the program and their improvements, if they are so minded. But it also allows uncooperative people to convert the program into proprietary software. They can make changes, many or few, and distribute the result as a proprietary product. People who receive the program in that modified form do not have the freedom that the original author gave them; the middleman has stripped it away.

              Though you are probably thinking of the following paragraph:

              Copyleft is a way of using of the copyright on the program. It doesn't mean abandoning the copyright; in fact, doing so would make copyleft impossible. The “left” in “copyleft” is not a reference to the verb “to leave”—only to the direction which is the inverse of “right”.

              See, I don't read that as "abandon all copyright". I read that as "abandoning the copyright on your product as a way of putting it into the public domain". Abandoning all copyright would mean that "proprietary", ie uncopyable, products would be impossible to legally enforce, and there would be no need for copyleft. Therefore, copyleft is invented as a means to subvert (or perhaps invert) copyright. Therefore, I don't think the people who invented copyleft would be all that bothered if the notion of intellectual property (note I did not say 'copyright' there, two very different beasts) went out of the window.

              There is also the very second sentence in the GNU GPL preamble:

              The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users.

              Sounds pretty hippy-dippy-free-love-and-pass-the-flowers-around to me.

              Of course I guess we would have to get an answer straight from Stallman, ESR or the various other GNU guys' mouths, to know for certain.

        2. Ian Michael Gumby Silver badge

          @ Sean T ... Re: @Andrew Orlowski

          First, I've known about some of the stuff the NSA/CIA/etc has been doing over the past 20+ years. As you say, anyone with a brain and the ability to read would know that. (Or at least suspect what they were doing without actually knowing what they were doing. )

          But its only been 6 months since Snowden did his massive dump. And by dump I mean pinch a loaf on the US.

          To your point: "What did you people think they were doing all day in those vast buildings? Watching porn?"

          Actually some do. We all know that the internet was created so that geeks can get their full share of porn in the privacy of their own home. We also know that its probably the easiest way to get your PC infected. Or to pass encrypted messages in a photo. So yes, the NSA does watch porn. (Hey! if I was in the NSA, that would be something I would do... ) [And I think NCIS or some other TV show mentioned this... ]

          I suggest you look at the Creative Commons. You are still giving a lot of rights away.

  7. Anonymous Coward
    Anonymous Coward

    " least the NSA is subject to democratic scrutiny..."

    Really?!? Are you joking or is this just deliberate misinformation?

    Secret courts: Maybe you could explain how exactly they're subject to "democratic scrutiny".

    Here's some examples of how secret courts stop the sky falling in:

    PS When is theregister forum going to be fixed to allow hyperlinks for anonymous contributors. And the details on how to do it, clearly published.

  8. Mystic Megabyte Silver badge
    Big Brother


    All of our computers and phones are now relegated to Fisher-Price toy status.

    They are only suitable for watching mainstream video and light browsing.

    Do not use your computer for any form of business or private communication.

    2013, the year that the "Paperless Office" finally died.

    1. Anonymous Coward
      Anonymous Coward

      Re: Toys

      That means you'll be forced to go out in the open...right into the view of satellites and security cameras. Don't think they're stupid enough to tap just electronic communications.

    2. Anonymous Coward
      Anonymous Coward

      Re: Toys

      Do you think that John Chen might have a point about BES 10 and BlackBerry messaging security, then?

      Did I see a picture of Frau Doktor Merkel with a BlackBerry phone? And the Danish PM?

      Just don't sideload anything Android, folks.

  9. Destroy All Monsters Silver badge
    Big Brother

    Way to miss the point and foobaring it

    The ridicule is thoroughly justified, for trusting giant corporations - whose business models rely on selling your identity to advertisers - to safeguard your privacy is like hiring a kleptomaniac to guard the sweet shop.

    The very second paragraph mixes up privacy violations by companies and privacy violations by state. While the first are a nuisance, the second get you into a concentration camp. They are not the same at all.

    Then talking about how "copyright" has been "weakened" (what? I must have been dreaming the last twenty years) and can be applied to the problem at hand, while it is basically a state-granted monopoly that state can give a flying fuck about is sadly jumping the shark.

    1. Anonymous Coward
      Anonymous Coward

      Re: Way to miss the point and foobaring it

      Mr. Orlowski can rest assured, nobody is going to weaken the copyright. Au contraire :

      the fact that Curious George will not go into public domain until 2053 should offer him much needed relief.

      1. Anonymous Coward
        Anonymous Coward

        Re: Way to miss the point and foobaring it

        Copyright will be extended indefinitely. There is no way Hatch will allow Mickey Mouse to enter the public domain.

  10. Carpetsmoker

    Democratic scrutiny?

    `Yet at least the NSA is subject to democratic scrutiny.'

    To paraphrase Arthur Ford: `This is obviously some strange usage of the word "democratic" that I hadn't previously been aware of.'

    Almost nothing of significance about the NSA is known. Not even how many people work there or not what the budget is. How can I, as a citizen, scrutinize something I know almost nothing about?

    Secret government, such as the NSA, is by it's very nature anti-democratic, It's a few chosen ones deciding what's good for the people at large, it's the exact opposite!

    1. Anonymous Coward
      Anonymous Coward

      Re: Democratic scrutiny?

      You don't have to scrutinize it yourself, this is a job for the incompetent, ignorant members of the US Congress.

    2. Anonymous Coward
      Anonymous Coward

      Far from prefect

      To paraphrase Arthur Ford:

      Any relation to Arthur Dent ?

  11. Brewster's Angle Grinder Silver badge

    If I take a photo of you, then, in the UK, as I understand it, you have no property rights. I can do with that photo what I will; in particular, I can sell it and make money. (Even in jurisdictions where a model release is necessary, it doesn't affect the properties rights.) If I was an expensive lawyer, I would make a similar argument about much of this data: a server log is a facsimile of your actions made by me; it is my property to dispose of as I will, subject to privacy legislation.

    1. Arcadian

      Not true that subjects of photos have no rights

      If I take a photo of you, then, in the UK, as I understand it, you have no property rights. I can do with that photo what I will; in particular, I can sell it and make money.

      This is only true if you take the photo in a public place. Otherwise:

      i) If you take it in my house, or while you are on my property, you need my consent.

      ii) If you take it on someone else's land/property you need their consent. But even that may not always be enough; see this page.

      iii) If I commissioned you to take it, although you keep the copyright, you cannot publish it or exhibit it, etc (applies to wedding photos, for instance); see Copyright Designs and Patents Act section 85

      So there are restrictions. And restrictions could just as well apply, or be made to apply, to a server log.

  12. Anonymous Coward


    "The EFF and ACLU each bagged $1m from the settlement, which for the EFF was more than it raised in donations. And it has some pretty wealthy donors.

    So the poachers are paying off the gamekeepers."

    Dear Andrew, I couldnt care less if they are funded by "the industry", the EFF and the ACLU do more for the privacy uf the US citizens than an articulist sitting on his confy chair...and you "forget" to say that Microsoft and Apple have been around before Google and Facebook.

  13. Anonymous Coward
    Anonymous Coward

    Corporatism enabled by legal fictions, deception, lies, and fraud.

    It would appear that we currently live in a world plagued with institutional fraud, and much confusion abounds about what is real, and what is fiction.

    It was fraud to ever state that a legal fiction, like a corporation, could ever be a person (with bogus Common Law and Legal rights), and that a living human being could ever be treated as a legal fiction corporation (with bogus Legal Commercial liabilities), especially for irrelevant contracts; this is the fault of the corrupt(ed) legal profession, and 'authority' corporations like governments etc.

    All acts, bills, statutes, and regulations are legal commercial instruments, /not/ laws, even if they use the word law; they are either redundant to Common Law, or at least partially unlawful, and many are completely unlawful; worse, the legal profession routinely uses deception, or outright lies, to confuse the two, to trick living human beings into (often assumed implicitly) consenting to harmful legal contracts and legal arbitration e.g. for bogus rights, bogus crimes, and bogus judgements. Some legal events are not even courts, let alone courts of Common Law; you will often not know the difference, unless you learn some legalese and how to challenge them; on my to-do list :)

    If a living human being breaks Common Law at any time, in any role, they should always face a proper Common Law Court, then maybe a Legal Commercial Court, and not be allowed to hide behind fictional legal entities like Corporations, or bogus legal rights; government agents included!

    I don't see how trees and rivers can have legal rights because that would be further unlawful legal overreach, and I doubt they can have Common Law rights, so they are probably property of a person, or persons under Common Law.

    1. Intractable Potsherd Silver badge

      Re: Corporatism enabled by legal fictions, deception, lies, and fraud.

      Well said, AC! The elephant in the room is the equivalence of commercial entities and individuals in the eyes of the law. Commercial entities should be regarded as being made up of individuals, and individuals should have primacy in any action where commercial entities can reasonably be recognised. If that was the case, many of the current problems would go away.

  14. Steve Davies 3 Silver badge
    Black Helicopters

    Yet at least the NSA is subject to democratic scrutiny.

    This is a good one. At first I thought that it must be April 1st.

    Please get used to the fact that the NSA is the US Government despite what those silly fools in congress andtheir puppet president my tell us via the press.

    let me repeat that.

    NSA == US Government.

    They want something and congress says how high shall we jump in order to give it to you?

    Perhaps these ------------------->

    will have a night off on new years eve.

  15. Hungry Sean

    right problem, wrong solution

    By the end of the first page I was shocked that this might finally be an Orlowski article I fully agreed with. Of course, the usual libertarian nonsense got trotted out at the end as the solution and normal service was resumed.

    Besides the fact that copyright protection (at least for major corporations) is in a stronger position than it has ever been, there's nothing that prevents Google from requiring me to "grant them a non-revocable interest in my data privacy". Same crap as now. As Pete 2 and Ian Michael Gumby above point out, individual rights are only as strong as the ability of the individual to fight for them.

    Seems like the pattern that has worked in the past to reign in bad practices from large industries, be they food manufacturing, alcohol, medicine, finance, or housing has been to create specialized regulatory bodies with regular audits. It isn't perfect, it's expensive, and justice can be slow. On the other hand, I can drink a carton of milk without testing it to see if it's been "supplemented" with Melamine. I can open an account with any FDIC listed bank and not need to worry about a run in the next financial crisis. I can buy a bottle of hooch and not only know that it isn't going to make me blind and crazy, but I can trust the ABV numbers to keep my consumption sane.

    A data privacy ensuring agency would certainly be a challenge to create as the technologies, policy issues, and business processes are all quite complicated, but I don't think there's a simpler solution. Having everyone go through the equivalent of a witness protection scheme every few years as suggested previously would be harder still, prohibitively expensive, and would likely be more disruptive and unpleasant to the people being located than having Google and Facebook pimp their data.

    1. PyLETS

      Re: right problem, wrong solution

      "A data privacy ensuring agency would certainly be a challenge to create"

      Some of the work has already been done: The Data Protection Act and the ICO. But this existing framework needs strengthening, including better-defined data protection rights which individuals can enforce through the courts directly. That's not easy however it's done, due to freedom of press issues and the need to hold the powerful to account. We wouldn't want to see a newspaper prevented from publishing a photo of a politician e.g. accepting a bribe, either due to IP law giving the politician ownership of the photo of himself, or by strengthened data protection law with similar effect.

      Better to use the beginnings of a process designed and intended for data protection purposes as opposed to retrofitting discredited and already highly confusing IP law which never had this intention. I suspect Andrew is going down the latter route to try to reverse the tide of popular dislike of IP law by giving more individuals a stake in it.

      1. Intractable Potsherd Silver badge

        Re: right problem, wrong solution

        " I suspect Andrew is going down the latter route to try to reverse the tide of popular dislike of IP law by giving more individuals a stake in it."

        I had a very similar thought. AO is trying to persuade us all that we need his extreme version of IP law (which has never been used, or intended to be used, to protect privacy). I almost choked on my bacon buttie when he referred to the "weakening of copyright"!!!

  16. Dodgy Geezer Silver badge

    So what's to be done?

    Er.... two things.

    1 - Actually start to gather a language and a set of rules so that we can talk about the balance between freedom and state power. Political philosophers and Constitutional theorists will help us here, but I see no sign that anyone wants to start up this technical debate. Nonetheless, it's essential to have proper foundations before you start to set up rules.

    2 - Close down the First World's intelligence infrastructure. There is NO NEED for it. There WAS a need, back in 1943, when all the major countries were fighting a no-holds-barred world war. It may be reasonable to have extra-legal and dictatorial rules in such a situation. But we are NOT in such a situation now - no matter how hard NSA/GCHQ tries to pretend otherwise. People may certainly try to let off bombs or shoot people - this should be dealt with using normal police procedures, and the police should be given what support they need in doing this. But the critical difference is that the police have to build a legal case and have it examined in open court. And so long as the intelligence community do not do this, they will remain a danger to social liberty...

    1. Anonymous Coward
      Anonymous Coward

      Re: So what's to be done?

      "Close down the First World's intelligence infrastructure"

      Unfortunately the activities of our governments (and our armaments, oil and "security") industries in the Middle East have created the need for the infrastructure. If sufficiently paranoid, one might speculate on the degree of job preservation by the MIC that Eisenhower warned us about.

      We have kindly provided the jihadists with advanced technology which requires technological counter measures, and have periodically prodded the two wings of Islam with favouritism or sanctions so as to keep them in ferment. A bit like the UK in the reign of QE1 when there were Catholic nobles taking money from the Spanish to try to take over the country, and Protestants trying to prevent them - and that was another period of extensive government surveillance. Note that I'm not even mentioning Israel as a factor in this, because compared to the Sunni/Shi'ite conflicts we've engineered, it's a drop in the bucket.

      It's like the job preservation of the California Prison Officers Union that lobbies for longer sentences for just about everything; if you do it right you create a climate in which the policy you want becomes necessary, in a kind of reverse estoppel.

      The next big challenge is going to be the prevention of a Northern Ireland situation in parts of England, where Middle Eastern wars are played out by proxy. And that will justify all kinds of snooping. Not because the snoops are at base enemies of democracy, but because they can see promotion, pay rises, and unsackability as the ultimate goals. Money and security are at the root of an awful lot of human activity.

      1. Marshalltown
        Thumb Down

        Re: So what's to be done?

        You may want to reread some history. The Sunni and Shiites have been in conflict longer than the Catholics and Protestants by several centuries. Various outside interests may very well have taken a hand in conflicts between the two in the hopes of an advantage here and there. That is not "engineering" a conflict, merely opportunism - well opportunism like throwing gasoline on a fire. The fire was already alight though, and there was and is no sign of it dying down.

  17. moiety

    > Yet at least the NSA is subject to democratic scrutiny.

    Don't think so. The bits of NSA that Snowden has outed are subject to an insincere apology and a beeline for the nearest loophole; but I don't think that counts as either scrutiny or democratic. And I'm sure that there is a large unseen part covered under 'operational' and 'top secret' etc. that isn't subject to any scrutiny at all.

  18. John Savard Silver badge


    However dishonest Google and Facebook might be, the claim that making it easier for record companies and movie studios to protect their cash flows and business models will help protect our privacy also at least appears to me to be on the disingenuous side.

    Theoretically, copyright law could be used as a basis for some protections of privacy, but the odds of that happening in practice do not look good.

  19. Gannon (J.) Dick

    "Optional" sounds just right.

    Wonderful article, Andrew.

    In a much better world than we have, Silicon Valley would not be run by self-absorbed control freak sociopaths. In a perfect world Economists would be capable of machine assisted long division too. Statistics has gone dreadfully wrong on us.

    First, a quick look at a Population Clock will tell you that every fifth "birth" is no birth at all ...

    rather, every fifth (or so) addition to the (US) population was a faceless unknown before and now has full rights. It all takes a minute and a half. Bigotry is being done in by alacrity.

    Second, "The News" increases the frequency with which random horror is brought to our attention, which renders non-random horror less vainglorious with diminished pride in ownership.

    Peace on Earth, Goodwill Toward Men, etc. may be our (Baby Boomers) last best bet for making an impression on the History Books.

    1. Fazal Majid

      Re: "Optional" sounds just right.

      Your smug, narcissistic, self-righteous and self-indulgent generation has caused enough damage already. That's why it's Millennials like Snowden who have to clean house.

      1. The Real SteveP
        Thumb Down

        Re: "Optional" sounds just right.

        Actually I think you'll find that the majority of people who have caused the problems - those that started Google, Facebook, etc, and run marketing companies - are in fact post 'baby boomers' who only understand the fact that what they want, they should get (whatever the cost to others), and have lost their moral compass.

        It is in fact the post baby boomer generation that is smug, self-righteous and self-indulgent and working for GCHQ and the NAS, Google, etc... My generation's (so-called 'baby boomers') mistake was to allow principles and respect for others to be thrown out with the baby's bathwater and replaced with a set of 'human rights' so vast that each impinges on those same rights of others. Individual rights are now more strong than those of majorities, so killers and thieves (including corporates and religions) have no fear of reprisal and society in general is the worse for it.

      2. Gannon (J.) Dick

        Re: "Optional" sounds just right.

        Your smug, narcissistic, self-righteous and self-indulgent generation has caused enough damage already. That's why it's Millennials like Snowden who have to clean house.


        If we (the Establishment du jour) are training talented young people to clean other people's houses then apparently we have not done nearly as much damage as we are capable of, he said smugly, narcissistic-ally, self-righteously and self-indulgently.

    2. Intractable Potsherd Silver badge

      Re: "Optional" sounds just right.

      "... every fifth (or so) addition to the (US) population was a faceless unknown before and now has full rights. It all takes a minute and a half. Bigotry is being done in by alacrity."

      I've looked at that page, and still can't see what you are talking about!

  20. Fazal Majid

    Chaff is the solution

    The Silicon Valley privacy monetization industry and the NSA/FBI surveillance-industrial complex may be equally dangerous to privacy, but conflating them is simplistic. They are culturally, generationally and geographically thousands of miles apart. If you look at who has been eagerly cooperating with the NSA (as opposed to complying under duress with National Security Letters), it is Telcos, who are centered primarily on the East Coast and Texas.

    Curbing the NSA's unconstitutional abuses is going to be difficult, will take years and will require working through the political process - there is no other way, technological countermeasures alone can't make a difference against an opponent whose R&D budget probably eclipses the entire tech industry's.

    The way to fight against the privacy-infringement industry is technological: better cookie-filtering software like, along with as-yet-to-be-written big data sabotage tools that poison the well for data brokers by pumping fake data into their user profiles, thus rendering them worthless. I can easily imagine browser plugins that click on random links in the background to obscure what you are really interested in. People tend to overestimate the power and robustness of statistical techniques, they are actually very vulnerable to noise and deliberate info-chaff. Legislative and administrative approaches like Do Not Track won't work because there is no practical way for the government to monitor compliance, just see how Do Not Call failed to curb the most egregious telemarketers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Chaff is the solution

      I was able to suggest "data-pollution as a citizen response to pervasive surveillance" to a senior UK ICG Spook, who winced convincingly, having tried in vain to assure me that the UK 'had never done mass surveillance,' 'doesn't do mass surveillance,' and 'never will do mass surveillance' That natural human response to a currently legal counter-strategy made my otherwise useless meeting with the intelligence collection group worthwhile.

      Since this conversation, several years ago, I've been trying every technique to ensure that my online national security data profile contains some data automatically generated , not reflecting my actual work or thoughts, is it 5% level? or is it around 20%? NSA/GCHQ can't tell, and the same goes for the commercial amazon/google footprint! I can't disclose all my strategies, there must be plausible fake-data developed at depth, with multiple independent levels of poisoning.

    2. Charles 9 Silver badge

      Re: Chaff is the solution

      The thing is, we're already working pretty hard on chaff-filtering and finding ways to distinguish the output of a machine from that of a human. IOW, we're making the Turing Test more difficult.

      But perhaps an alternative solution. Suppose everyone pools assorted bits of identity (it can be their own stuff but need not be; they can make stuff up), THEN use those bits randomly to fill out identity forms. Since each bit comes from a human, it'll be more difficult to differentiate, yet because they're all shuffled around, they're essentially worthless.

      Two problems I see. One is that matter of trust again. To alter existing identities (which we'd need to create constant churn to make the identities worthless), we'd need to be able to trust the randomizer with access to our accounts. Second, the site owners can begin verifications. Financial sites already do thus, usually by law, by requiring official identity documents and/or correspondence sent to physical addresses.

    3. Anonymous Coward
      Anonymous Coward

      Re: Chaff is the solution

      Chaff - randomish false data - uncorrelated with your thoughts and ideals - is not only brilliant as a reply strategy. It also gives deniability to (some of) your IPv6 signed evidence data packets. This approach to TLA needs depth, deployment and to operate at multiple independent levels to avoid trivial filtering.

    4. This post has been deleted by its author

  21. Denarius Silver badge
    Thumb Up

    step back a bit here


    article is a good start, except IMHO, you assigned cause a step too late in process from citizen to data point. The Si valley mob, then the spookeries had the concept of the person as mere data sources or less from the economic reductionists who trained the puppet masters of the Shrubs and Raygun. The idea of the citizen and a common welfare was lost in the false economic emergencies of the 1980s that saw massive outsourcing and sell off of public assets cheaply. By then the simplistic idea that nations and societies are _only_ markets had a strong hold. The marxists are more at fault here because ownership of society's markets is their main focus at heart. With the loss of the general concept of citizen being replaced by consumer, it was a small step to economic unit, then mere data unit. After that, the rest was easy.

  22. Don Jefe

    Onus of Defense

    There seems to be a fundamental misunderstanding of how laws work going on here. It's the same flawed assumption politicians make all the time and it has disasterous consequences.

    A law, any law, has the power to dictate or control the actions of anyone. A law defines what actions a society deems unacceptable as well as the punishments for those behaviors in one is found to be engaging in those actions. The key point there is 'found to be engaging in', law and the consequences it defines are backward facing by default. A law breaker, a criminal, is free to commit crimes if he chooses. The consequences of being caught are a risk the criminal must assess on their own, but again, there is no mechanism to prevent them from perpetrating a crime.

    Assuming you find the above valid, who is responsible for the protection of your property? If you answered anything except you, the property owner are responsible for protecting your property you're obviously not paying attention to the myriad of defensive property protection actions you take everyday. The protection of property is a major focus of resources wherever property is recognized as a thing. If laws actually prevented crime you would have no keys (at all, zero keys) no PIN's, no photo ID, no State issued unique identifier. The world would be unrecognizable if property did not require your protection.

    Before I take this to its conclusion, let me state that I abhor the scale and intrusiveness of government and commercial data collection and the incredibly unbalanced nature of IP. Here comes the crappy part and it must be addressed: Governments and corporations are defending their property with all the data privacy crap. Governments are protecting their power and corporations are protecting their existence through financial capital as a defense. They feel they have to do those things because they know law itself is not an active defensive measure. They know they've got to provide their own protections.

    Now ask yourself what you're doing to protect yourself... If it's writing letters to Ministers and Congresspeople wanting more laws then you aren't doing much now are you? Are you utilizing all the free services available online in exchange for only your data? Are you getting discounts at the grocers as a member of a club or 'points' with airline, hotel and rental car companies? Using credit or debit cards? I doesn't sound to me like you're doing much of anything to protect your data/property.

    Since the concept of convenience was developed it has always had an incredibly high price tag attached to it. It still does. All commerce thrives on that fact, make something easier and people will pay dearly for it. You're under no obligation to use those conveniences, if you feel the price is too high don't use them. That's your defense and ultimately your only offense. You have no right to a convenient existence, you must pay for it.

    State collection of information is a thornier problem, but if you aren't providing data to the commercial entires you've effectively removed the biggest collection point for the State, they already know everything else about you.

    There's a very flawed idea that one must choose sides in a battle. That's absolutely untrue, you can remove yourself from the conflict entirely. Sure, there's a price to pay, but there is always a price to pay for any action you take. Is the price too high? That's completely on you to decide.

    1. Anonymous Coward
      Anonymous Coward

      Re: Onus of Defense

      "There's a very flawed idea that one must choose sides in a battle. That's absolutely untrue, you can remove yourself from the conflict entirely. Sure, there's a price to pay, but there is always a price to pay for any action you take. Is the price too high? That's completely on you to decide."

      That assumes that the battle allows for neutrality. This isn't always the case. Total war adherents, for example, would take a strict "for us or against us" attitude and assume neutrality to be equal to hostility. There are also debates and moral issues for which there is no neutral ground and attempting to take no stance forces you to assume some stance by default.

  23. Sandtreader

    Irony not lost

    Interesting article - made all the more apposite by the Skyscanner advert (via Criteo) that appeared to the right of it which is offering me the same flights I searched for yesterday.

    Do as I say?

  24. ysth

    Andrew, can you explain

    Andrew, can you explain how the EFF is "waging a ceaseless war on the individual's digital rights"?

    With examples?

  25. Matheus

    The best way to make things as difficult as possible for NSA is to move to Linux and open source software. After all - Windows and Apple ecosystems are just Gulags. Don't play too close with Google too though Microsoft is the worste of all them.

    1. PyLETS
      Big Brother

      OSS insufficient

      "The best way to make things as difficult as possible for NSA is to move to Linux and open source software."

      Necessary but very far from sufficient. Learn to run your own server and configure simple routers also and how to use crypto, as a starting point. Reason most Linux users still use corporate-controlled servers is due to lack of knowledge concerning how to configure own services.

      1. Charles 9 Silver badge

        Re: OSS insufficient

        And that's assuming none of the HARDware you acquire has been bugged by the NSA or some counterpart elsewhere.

        1. PyLETS
          Big Brother

          Re: OSS insufficient

          "And that's assuming none of the HARDware you acquire has been bugged by the NSA or some counterpart elsewhere."

          Indeed. Little the typical user can do against hardware implants at the individual per user level e.g. caused by MI5 black bag jobs or intercepting a Amazon/Royal Mail delivery and messing with it. More feasible for user communities of particular devices to ensure these implants are not mass manufactured into the regular stock hardware.

          With the latter threat in mind, the more people who are able to load OSS operating systems on stock hardware, e.g. replacing Android with CyanogenMod, or BusyBox based router OSS replacements makes it harder for NSA sponsored mass hardware manufactured vulns to hide. Use of IDS such as snort and Wireshark to catch unauthorised network packets originating from tested hardware and publishing discovery of such will embarrass offending manufacturers into developing quality assurance processes which mean what they say, or risk losing too many customers to more secure and quality conscious competitors.

          1. Charles 9 Silver badge

            Re: OSS insufficient

            "With the latter threat in mind, the more people who are able to load OSS operating systems on stock hardware, e.g. replacing Android with CyanogenMod, or BusyBox based router OSS replacements makes it harder for NSA sponsored mass hardware manufactured vulns to hide."

            That still wouldn't do much against a true black bag operation that hides in an ancillary hardware chip (like the radio chip). The chip would be impossible to update, essential for operation, ubiquitous enough to be practically everywhere, and a trade secret to the manufacturer so there will be no useful information on it. No amount of source code inspection will help against it, and since the tech goes into patent-protected grounds, it's not legally feasible to roll our own solutions.

  26. This post has been deleted by its author

  27. Potemkine Silver badge

    Good try to promote copyrights law

    ...but it seems far fetched to me.

    About privacy and data protection, you should study the french law "Informatique et Libertés" . This law should be extended as an EU regulation, to assure european citizen the privacy protection they deserve.

  28. Sirius Lee

    The premise of the argument is wrong

    The author asserts that we are giving up something of value and that we should charge but micro-payments are not feasible. But are being paid. We use search engines for free.

    Yes, it doesn't cost much for Google or Facebook or Bing or Yahoo! or... to serve up a page of result in response to a query or process an email. But it does cost something. That something is the micro-payment. It's the quid pro quo for the exchanging personal information for a search result.

    An alternative is that individuals pay for searches so that they are not required to give up their data. However there seems to be no appetite among regular people for a subscription model. People like this author and many of the commentards here rail against intrusion but the average Joe and Joanna doesn't seem to mind so much. I'm sure the author will argue that's just ignorance. But really most people don't have much to hide.

    In the UK you can watch advert subsidized TV or pay your TV license fee and watch the BBC advert free. There is no TV service which offers a free advert free service. And of course not, it costs to produce TV 24/7 and that money has to come from somewhere. It's the same with the internet.

  29. itscoldhere

    It's too late already...

    Isn't this whole argument moot? Every government or corporation that is interested in you already has reams of data about you. Locking everything down might help with the privacy of as yet unborn children, but for the rest of us, it's far too late.

    Even if your elected, 'democratic' government was not deeply complicit in this situation, there's no way that all the money behind the lobbyists/bribers would let them pass meaningful legislation to protect you.

    Best to accept the fact that you're screwed already, and move on.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019