back to article Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA. "NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke …

COMMENTS

This topic is closed for new posts.
  1. Gray
    Big Brother

    Message from US to EU:

    "You can run ... but you cannot hide!"

    1. Anonymous Coward
      Anonymous Coward

      Re: Message from US to EU:

      Message from EU to US:

      Still want Silicon Valley companies to sell in the EU?

      Seriously, though, there is in principle no difference between protecting your IT from hackers and from the NSA, only that the latter plays more dirty. There are few more defensive strategies out there, and the NSA knows it, hence this war of psychology to make people just give up (similar to what the US has been doing with privacy).

      Don't give up. If they want a fight, they can have it. You and your customers all have rights, defend them and get your politicians to grow a spine (or do fewer things they can be blackmailed with, of course).

      On a less aggressive note: has anyone noticed what is happening to US passport holders abroad?r Nowadays, it's easier to get a bank account with Nigerian passport than a US one...

    2. Destroy All Monsters Silver badge

      Re: Message from US to EU:

      1) "You can't do anything against us, lube up"

      2) "If you want to do anything against us, deep down it's just about filty lucre anyway, so don't"

      That guy sure is a piece of work. A mix of narcisissm, american exceptionalism, belief in the omnipotent state and hypocrisy. And a desire to keep going on the useless talking heads roundabout.

      But he's right. There *will* be lubing up. EU behaviour on subjects as diverse as FATCA and Ukraine says so.

      1. solo

        Re: Message from US to EU:

        Sad but true: next they are going to force all the multinational companies which want to open a single office in US (almost all as US might be the ground for their branding) for giving access to their data even if that is offshore.

        1. Anonymous Coward
          Anonymous Coward

          Re: Message from US to EU:

          they are going to force all the multinational companies which want to open a single office in US (almost all as US might be the ground for their branding) for giving access to their data even if that is offshore.

          That's what a good privacy strategy is for. It starts with "if you have a US HQ, you're pretty much hosed, so let's move that first". Once you have decision power relocated outside the US, you leave a subsidiary in the US whose access to data from there is pretty much segmented away from the rest of the corporation. Then you go through the corporation country by country and clean up any residual leverage (a classic example is having a dependency on a US provider, or US investors which can be blackmailed with the promise of eternal IRS investigations).

          The entertaining issue is that this idiocy is putting the whole of Silicon Valley at risk (an issue they are now trying to plaster over with all sorts of excuses). Companies there already have SERIOUS problems selling in Europe, and it's only going to get worse because the Safe Harbor fix has now also been exposed for the irrelevance it is..

      2. Yet Another Anonymous coward Silver badge

        Re: Message from US to EU:

        He is , however, one of the few people in government being honest and truthful about any of this

        1. Anonymous Dutch Coward
          Coat

          @ Yet Another Anonymous coward: Honest government employee!??

          That's why it says "former" in the article ;)

    3. Anonymous Coward
      Anonymous Coward

      Re: Message from US to EU:

      Well, the message confirms the fundamental basis of the idea to move abroad.

      We all know that if we becoma a target, the hit is likely to be successful. That has not changed since the days when intelligence services were opening letters sealed with a wax seal with a heated thin blade. Nothing new here.

      That "targeted" approach however, requires a target selection and resource for _EACH_ and _EVERY_ target. That is finite resource. Even NSA cannot hack everyone abroad.

      Compared to that - the ongoing attack on all local targets under jurisdiction is a constant resource. Different ball game altogether.

      1. Squander Two

        "That targeted approach"

        > That "targeted" approach however, requires a target selection and resource for _EACH_ and _EVERY_ target. That is finite resource. Even NSA cannot hack everyone abroad. Compared to that - the ongoing attack on all local targets under jurisdiction is a constant resource. Different ball game altogether.

        Exactly. He's obfuscating the controversy by claiming that it's about the NSA. It isn't. It's about Congress and the White House.

        I'm a strong supporter of spying agencies breaking the law -- I'd rather they break laws than that laws be changed to allow spying, as the latter leads to a ridiculous petty police state, with, for instance, local authorities legally spying on parents to check they're in the right cachement area for their kids' school. If what they're doing is illegal and they can get in trouble if caught, that's a very sensible and effective check on their behaviour: they only do stuff if it's worth that risk. What Congress and the White House did was remove that check -- in the Land of Checks & Balances, no less. Ha!

        Also, if the spies are breaking the law, their targets are allowed to avoid them. Sure, the NSA can hack a server in Sweden, but the owners of that Swedish server are allowed to stop the hack if they detect it, they're allowed to upgrade their security whenever they want, they're allowed to install a new server without the same vulnerabilities, forcing the NSA to go to the effort of hacking all over again. Again, that effort is a check on their behaviour. I prefer that to the current US system, where the owners of the servers are legally obliged to give a direct feed of all their data to the NSA, no hacking required.

        A lot of IT-illiterate members of the public aren't seeing these distinctions, which is fair enough, but I hardly think this bastard is one of them. He's just lying about what the controversy is.

        1. Thomas 4

          "We're going balls deep into your data...

          ...and there's fuck all you can do about it."

        2. Intractable Potsherd Silver badge

          Re: "That targeted approach"@ Squander Two

          That is one of the most insightful comments I've seen for while! Thanks for those thoughts that I'll probably recycle somewhere else.

          1. Squander Two

            Re: "That targeted approach"@ Squander Two

            Too kind, sir.

  2. Sanctimonious Prick

    Follows Night

    Follows Day.

  3. Salts

    Yes we know you...

    can hack into overseas databases, what's your point? The point of having data in the country of origin is that, you will have to hack into it, not have it handed to you on a plate.

    1. Zippy's Sausage Factory
      Thumb Up

      Re: Yes we know you...

      So many times I read these forums and someone just said exactly what I was about to say...

    2. Flat Phillip

      Re: Yes we know you...

      It's the difference between your data being wholesale tapped "because we can" with no warrant versus a specific hack that, presumably, had a little more judicial rigor around it.

      Given all these revelations, if you keep data in the US you can pretty much assume at least the metadata has been scanned and possibly stored. Anything outside the US is probably going to be at least a little, if not a lot, better than this poor standard.

      1. dan1980

        Re: Yes we know you...

        @Flat Phillip

        "It's the difference between your data being wholesale tapped "because we can" with no warrant versus a specific hack that, presumably, had a little more judicial rigor around it."

        Actually, I think it's pretty much the other way around: spying on your own citizens, while easier from a technical perspective, seems to be more rigorous from a legal perspective*. So far as I know, I don't believe a US court would be likely to rule that collection of European data from a European server violates anyone's fourth amendment rights!

        I don't doubt that there would be some processes around such 'hacking' but I doubt they would be 'judicial' in nature.

        * - By relative measures, of course.

    3. Anonymous Coward
      Anonymous Coward

      Re: Yes we know you...

      In addition to this, by depriving big US corporations of income by hosting outside the US, they will put more pressure on the US govt to change as it is costing them $$$

    4. dan1980

      Re: Yes we know you...

      @Salts

      Right on.

      Moreover, as such actions do not, in any sense, fall under the jurisdiction of National Security Letters and suchlike, a hosting provider in Luxembourg (for example), is fully within its legal rights to communicate any such breaches to its customers and the world at large.

      Data being moved from US-controlled servers changes the game from "grab what we want, under full protection of the law and with little chance of exposure" to "make a conscious decision to breach foreign owned and run servers, risking discovery and public condemnation".

      Of course they are clearly doing this already so it's not something they are adverse to but there is a big difference between lawfully requesting/receiving data from a company compelled to secrecy and silence and clandestinely breaking into foreign-controlled servers.

    5. Eddy Ito Silver badge

      Re: Yes we know you...

      Perfectly said. If I may sum up: "Dear NSA: Work for it, bitch!"

      1. JonP

        Re: Yes we know you...

        >Perfectly said. If I may sum up: "Dear NSA: Work for it, bitch!"

        Or more likely - Ask your buddies in GCHQ etc.

        1. Androgynous Cupboard Silver badge

          Re: Yes we know you...

          Given our recent behaviour, I'd be surprised if the UK was invited to join any pan-european data warehouse...

  4. DougS Silver badge

    I'll bet they'd have a harder time hacking into one in China

    That might be a better place to keep your cloud data even as (or especially as) a US citizen/company. Sure, the Chinese can definitely access it, but if you store encrypted data it is probably safe. I think they'd have much less chance of breaking the encryption than the NSA.

    Thus, encrypted data is probably safer sitting on a Chinese server with the Chinese equivalent of the NSA trying to crack it as it would be on a US or EU server with the NSA/GCHQ trying to crack it. As a US citizen, this is a very sad state of affairs to admit.

    1. Yet Another Anonymous coward Silver badge

      Re: I'll bet they'd have a harder time hacking into one in China

      If you are a US political group, environmental campaigner, 99%-er, pro-gun etc etc, then you are probably better keeping your data on a Chinese server than a US one.

      The cold war was a bit of a waste of time and money wasn't it?

      If you are a European aircraft/car/software/phone maker then you don't want your data on a US/UK server or a Chinese one. Does Nigeria do cloud hosting?

      1. Eguro

        Re: I'll bet they'd have a harder time hacking into one in China

        Fragment your data and store one useless and encrypted half (in tiny bits) on various US servers and one useless and encrypted half (in tiny bits) on various Chinese servers. Total security.

        1. DougS Silver badge

          @Eguro

          That's a great idea, but may I recommend one change? Don't fragment your data, store two complete copies, each XOR'ed with the same random data, so it can only be reconstructed on your end by XOR'ing the two together. Let the NSA and the Chinese each go crazy trying to decrypt something utterly impossible to decrypt!

          Someone should write a Linux FUSE driver for that...

          1. Charles 9 Silver badge

            Re: @Eguro

            Not impossible. Once one realizes you need the other copy, they'll just hack into EACH OTHER. Which they've already been doing.

            1. DougS Silver badge

              @Charles 9

              I left unspoken the obvious fact the data would be encrypted before being XORed with random data.

              So someone wanting to get your stuff would need to successfully hack into a US and Chinese cloud provider, and crack the encryption.

              I think that makes it impractical for a "let's capture everything" type of attack. If you attract their interest, they won't bother with any of that. The fastest way to break encryption is with a rubber hose, after all.

              1. Charles 9 Silver badge

                Re: @Charles 9

                So someone wanting to get your stuff would need to successfully hack into a US and Chinese cloud provider, and crack the encryption.

                You forget the very real possibility the NSA and its chinese counterpart routinely hack into EACH OTHER. Meaning it's passing fair one encounters the other's file, puts two and two together, and obtains a copy of the other's file, reducing the number of places you have to hack. Furthermore, merely finding something like this would likely draw an investigation into who did something this elaborate.

          2. Keep Refrigerated

            Re: @Eguro

            You're onto something here, what about an encryption method that splits the data up into a large chunk and a smaller chunk - like a keyfile for ssh? Is there any program that already does something like that?

            You can stick the small chunk on usb and simply store the larger chunk in any cloud.

            1. Eguro

              Re: @Eguro

              That's an even better idea, if feasible.

              Could also word for businesses I imagine - depending on how big the small file would need to be. One local server, the rest in a cloud.

              I second the question: Is there any program that already does something like that?

              1. Charles 9 Silver badge

                Re: @Eguro

                As I understand it, there are encrypted filesystem programs already in existence that can operate on a file image. A CLOUD file image could perhaps be done in a stretch. As for the other piece, that's just a keyfile, and you can make that just about anything of your choice. As for hardening the image file, many of them can use multiple algos for extra strength. It reduces the throughput, but with a cloud file the network is the bottleneck anyway.

              2. Adam 1 Silver badge

                Re: @Eguro

                Truecrypt already does this.

                http://www.truecrkeyfiles/docs/keyfiles

                1. Eguro

                  Re: @Eguro

                  @Adam 1 If you make the url something I can make work, I promise I'll also upvote your new comment

                  1. Adam 1 Silver badge

                    Re: @Eguro

                    Cool. Bonus vote

                    http://www.truecrypt.org/docs/keyfiles

      2. Anonymous Coward
        Anonymous Coward

        Re: I'll bet they'd have a harder time hacking into one in China

        > Does Nigeria do cloud hosting?

        For heteros, yes.

  5. Adam 1 Silver badge

    >"If you think passing a law making data localization a requirement in the EU or Brazil [...] stops the NSA from getting into those databases, think again."

    That is excellent. hosting in the EU or Brazil is not going to make the job of our beloved acronyms any different so they are offering no opinion about where we host. Got it!

  6. Christoph Silver badge

    MRDA

  7. Mephistro Silver badge
    Devil

    Dear Mr. Clarke:

    "If you think passing a law making data localization a requirement in the EU or Brazil [...] stops the NSA from getting into those databases, think again."

    If you think data localization in Europe won't cause your operational costs and the risks your operatives incur to increase tenfold , think again.

    1. Intractable Potsherd Silver badge

      Re: Dear Mr. Clarke:

      But, according to one line of thought, increased budget and more staff are the way to make a certain type of management slime very, very happy!

  8. John Smith 19 Gold badge
    Unhappy

    Like most crime you can't stop a *really* determined criminal.

    But you can make them think it's too much trouble and go after easier prey.

    That works for me.

    Actually it's about both the bottom line and privacy.

    Because if you're a European business whose IP has military applications (and with the right PoV that's probably damm near everything) having your IP passed to some BFF corp of the NSA means you could be out of business.

    I suggest that cheap cloud deal does not look quite so cheap now.

    1. solo

      Re: Like most crime you can't stop a *really* determined criminal.

      "..if you're a European business whose IP has military applications.."

      Friend, may I suggest a more subtle phrase: "If you're a European Prime Minister whose talks have nationwide applications.."

      1. Ben Bonsall

        Re: Like most crime you can't stop a *really* determined criminal.

        "If you're a European Citizen who was telling their mother about what they had for dinner and sending a picture of the cat..." :)

    2. Anonymous Coward
      Anonymous Coward

      Re: Like most crime you can't stop a *really* determined criminal.

      Because if you're a European business whose IP has military applications

      One would hope you airgap your information inside your company premises, so hacks are only possible from on premises. Then vet and audit your staff.

      1. Charles 9 Silver badge

        Re: Like most crime you can't stop a *really* determined criminal.

        As if that's stopped the NSA before. Remember Stuxnet? It penetrated an airgap...

        1. Anonymous Coward
          Anonymous Coward

          Re: Like most crime you can't stop a *really* determined criminal.

          As if that's stopped the NSA before. Remember Stuxnet? It penetrated an airgap...

          I never said it would stop the NSA, it would however stop an awful lot of people, and make it harder for those who wanted to try, like the NSA.

    3. Anonymous Coward
      Anonymous Coward

      Re: Like most crime you can't stop a *really* determined criminal.

      "Because if you're a European business whose IP has military applications"

      How about rephrasing that:

      "Because if you're a European business whose IP could be serious competition for a US company"?

    4. Adam 1 Silver badge

      Re: Like most crime you can't stop a *really* determined criminal.

      >But you can make them think it's too much trouble and go after easier prey

      As the joke/adage/saying goes in at least one variant.

      Don't try to outrun the lion/bear/[any Australian animal except some of the sheep]. Try to outrun the guy behind you.

  9. Anonymous Coward
    Anonymous Coward

    Your data

    is probably marginally safer on a US based service. There are limits to NSA activities at home, but none on their activities abroad. And most of the rest of the worlds state backed eavesdroppers are more domestically focused.

    1. John Smith 19 Gold badge
      Unhappy

      Re: Your data

      "is probably marginally safer on a US based service. There are limits to NSA activities at home, but none on their activities abroad. And most of the rest of the worlds state backed eavesdroppers are more domestically focused."

      Wrong.

      A by definition if the billing address is abroad it's probably a furriner and if the servers are in the US THE PATRIOT Act dumps the 4th amendment

      Or did you not realize that, Mr AC?

      1. Anonymous Coward
        Anonymous Coward

        Re: Your data

        John Smith Impressive. No doubt your knowledge of American constitutional law is only surpassed by your knowledge of network security.

        Please enlighten us how exactly the patriot act trumps the US fourth amendment. Citing precedent would be just lovely.

        1. Charles 9 Silver badge

          Re: Your data

          They don't have to trump it. They just IGNORE it: "Ink On A Page". It's not like you can vote in anyone else to replace them (no one even gets on the ballot unless they're in on the plot). And the average American is to apathetic (or busy trying to earn a living) to organize a massive uprising a la Kiev.

    2. Anonymous Coward
      Anonymous Coward

      Re: Your data

      If you're putting data on a US based service from anywhere in the EU, GCHQ and the NSA have a full copy of your data. Did everyone miss the revelation that every single packet passing over a long distance fibre link in or out of the UK is being caputured? Did everyone miss that GCHQ and the NSA have systemically undermined encryption systems?

    3. Daniel B.
      Boffin

      Re: Your data

      The point is that NSA (and pretty much any other agency) can simply send a secret FISA warrant and seize all the data by themselves. They don't need to hack stuff within their borders, they already have the omnipresent power there. That's why lavabit shut down.

      Same thing applies to CBP, they can simply dump all your HDD's contents for later "research" if they want to at customs. This is why I had to delete sensitive client data before traveling to the US; I'd be involuntarily breaking NDAs just by entering the US. Extra points as the CBP power was given by a judge during a pedophile case, so it gets the added "for the children" mantra used instead of going after "terrists".

  10. Marketing Hack Silver badge
    Black Helicopters

    NSA to world...

    "If you think that anything is going to change, think again. Well, maybe now we'll buy your data a drink before we screw with it."

    Well, its the response I expected. Previous posters are right to say that at least this will make the NSA work harder to do the same job.

  11. Mr. Chuck
    Go

    Them's fightin' words

    That would be an act of war these days wouldn't it?

    1. Anonymous Coward
      Anonymous Coward

      Re: Them's fightin' words

      It'll take a few years, but if something doesn't change you'll slowly see an increased focus from European consumers on buying non-american stuff. It'll be like a weird form of continental commercial nationalism.

      Hopefully stuff will change, but it seems unlikely anything will happen till money stops flowing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Them's fightin' words

        It'll take a few years, but if something doesn't change you'll slowly see an increased focus from European consumers on buying non-american stuff. It'll be like a weird form of continental commercial nationalism.

        That has already been happening for a few years, not in the least helped by the IRS hunting tax dollars abroad (which brings them less than they spend on investigating, but IMHO it appears it's the fear they're after, not the money). In IT, there is already extreme weariness using US kit (the simplest example is Huawei vs Cisco), in banking they don't even want to *touch* a US passport holder anymore because they cost more in compliance than they bring in revenue, and a US accent is no longer certain to produce a positive reaction - most try to hide it now.

        It's interesting how a nation can turn its citizens into unwanted pariahs abroad.

        1. Nick Ryan Silver badge

          Re: Them's fightin' words

          It's interesting how a nation can turn its citizens into unwanted pariahs abroad.

          For quite a while now there appear to have been considerably more Canadians travelling around than (US) Americans. Although their passports tell a different story.

          1. FutureShock999

            Re: Them's fightin' words

            Most Americans abroad sport Irish passports anyway....

        2. Shrimpling

          Re: Them's fightin' words

          "a US accent is no longer certain to produce a positive reaction - most try to hide it now."

          You mean it did produce a positive reaction before? Wow!

  12. James Anderson

    the old our nukes are bigger than your nukes argument

    For a country that basicly on the side of the good guys the septics make themselves very hard to like. Even there closest allies are starting to say what they have felt for a long time. Basically that they are a bunch of arrogant pricks who don't give a shit about anyone except a few thousand voters in a few swing states.

    The guy seems to be setting himself up as a tea party candidate. His next argument will probably run "all data was created by god and right thinking godfearing american citizens should have access to it all"

    1. Mephistro Silver badge
      Thumb Up

      Re: the old our nukes are bigger than your nukes argument

      "...all data was created by god and right thinking godfearing american citizens should have access to it all"

      Thumbs up for the Tropico 4 quasi-reference.

    2. Daniel B.
      Black Helicopters

      Re: the old our nukes are bigger than your nukes argument

      To be honest, the US already had accumulated a lot of bitterness during the Cold War, so much that a good chunk of their current problems are caused by their past evils.

      - Iran? They CAUSED it, along with the UK, with Operation AJAX. So much that said operation is no longer considered a good thing as it basically triggered a series of events that caused the Islamic Revolution and turned Iran into the US-hating, religious-zealot-run country it is today.

      - Most of Latin America suffered bloody tyrants and South America in particular had at one time a CIA backed dictatorship in most of its countries. Ever wonder how Chavez got to be President in Venezuela? That's why. Having a US hating prez is the new cool in most of South America.

      - The Iraq WMD lie basically killed whatever goodwill was left in the remaining part of the world that didn't have a grudge against the US. Dubya's Administration foreign policy brought hatred to the US and the whole NSA/PRISM thing was just the finishing touch to all that.

      It is indeed sad to see this happen, given that the US at one point was the shining beacon of freedom during the 19th Century. Today? Not so much.

      1. John Smith 19 Gold badge
        Unhappy

        Re: the old our nukes are bigger than your nukes argument

        "- The Iraq WMD lie basically killed whatever goodwill was left in the remaining part of the world that didn't have a grudge against the US. Dubya's Administration foreign policy brought hatred to the US and the whole NSA/PRISM thing was just the finishing touch to all that."

        You missed the estimated $13T (that's a 13 with 12 0x) that the US is estimated to have stolen from the Iraqi economy.

        Starting with the cost plus sole supplier contract award by "Gin Rummy" Rumsfeld through a trusted stooge subordinate when he was SecDef.

        Would I be p**sed off if I was an Iraqui growing up in post invasion liberation Irqaq?

        F**k yeah.

  13. Anonymous Coward
    Anonymous Coward

    Surprised he didn't threaten to hand out smallpox-laced blankets as well.

    Worth noting that the GCHQ are right beside the NSA in all their questionable protectionism.

    1. Eponymous Cowherd

      "Worth noting that the GCHQ are right beside the NSA in all their questionable protectionism."

      I think you will find that GCHQ are trotting along behind the NSA wagging their tail and waiting to be told to go fetch in the hope they get a pat on the head and a tasty treat.

  14. hplasm Silver badge
    Alert

    Sauce for the goose.-

    Legalise hacking USA servers.

    If that doesn't work, invalidate US patents in EU.

    If that fails, invalidate US copyright in EU.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sauce for the goose.-

      Legalise hacking USA servers.

      Interesting approach to reciprocal treatment - after all, the NSA's activities abroad were declared perfectly legal under US law (as far as I can follow it), so it's indeed a viable "reap what you sow" option.

      We should also fingerprint anyone who leaves the US.

    2. Frank_M

      Re: Sauce for the goose.-

      Invalidating patents and copyrights of U.S companies in EU. would have no effect.

      If fact it would only assist Berry in his mission to destroy U.S. business.

      He would spin it as more redistribution to his freeshit army.

  15. Anonymous Coward
    Anonymous Coward

    Requests for information, FOI act

    Dear GCHQ

    Having forgotten my password for my lineone account, I dont suppose you could nip in and click the 'forward mail' option could you. Usual addy please, which no doubt you know. If you havent got that info could you ask NSA for me as I dont know who to contact there..

    TVM,

    UK minion

  16. Will Godfrey Silver badge

    This simply underlines the bullying arrogance of these people.

    There are very many SF stories going back decades based around the idea of America isolating itself from the rest of the world. They are all looking rather prophetic now.

    1. Mike Smith
      Mushroom

      And at the end of that road lies...

      ... North Korea.

      I doubt they'll intentionally isolate themselves; rather, they'll just gradually piss their erstwhile allies off more and more until suddenly they realise that the world's moved on without them and they aren't so relevant any more.

      Remember when the USSR collapsed in 1991? I wondered then who the Yanks would point their guns at next. This is the huge problem they have - two generations of military and security people who were brought up in the Cold War era and taught to regard the Soviet Union as The Enemy (TM). Now the USSR has collapsed and the threat of Mutually Assured Destruction has receded (not completely gone though), they're left in positions of power facing a world order they're quite incapable of dealing with.

      So they're falling back on their Cold War training. Iraq is a classic example of that strategy. As they're struggling to deal with the today's challenges, all they can do is do more of what they already do, oblivious of the fact that they're turning the United States into a xenophobic bullying pariah in the process. They don't know, or possibly don't even care, that throughout the world, friendship is developing into suspicion, suspicion into dislike and dislike into full-blown loathing.

      Well done, Vladimir. Looks like your side won, after all.

    2. John Smith 19 Gold badge
      Unhappy

      @Will Godfrey

      "There are very many SF stories going back decades based around the idea of America isolating itself from the rest of the world. They are all looking rather prophetic now."

      "The Cold Peace" is the backdrop to Vol 1 of James Blish's "Cities in Flight" series.

      A totalitarian theocracy in the US is a key feature of RA Heinlein's "Revolt in 2100," which given the SEL nature of some of these jokers is starting to look like a real piece of "future history."

  17. The BigYin

    Statement of the bleeding obvious

    "NSA and any other world-class intelligence agency can hack into databases even if they not in the [USA]"

    Yeah, we know. That is why we are so pissed of with the USA, UK, and all the other USA lackeys.

    So much for defending freedom.

    Arseholes.

  18. SolidSquid

    "NSA and any other world-class intelligence agency can hack into databases even if they not in the US"

    Didn't the US say that they would consider such actions by a nation state to be an act of war at some point last year? Or was that only building of viruses to target systems they were referring to?

    1. Anonymous Coward
      Anonymous Coward

      > Or was that only building of viruses to target systems they were referring to?

      Not if it's done by Israel, because Israel can do no wrong; no matter how many people they murder.

  19. Anonymous Coward
    Anonymous Coward

    If you have data that you want to keep confidential, don't store it on a server owned by somebody else. It really is that simple. As soon as the data leaves your own systems, you have no control over where it goes and no control over who can access it. You might be under the illusion that you do, but in reality you don't.

    At that point you have to have complete trust in your cloud provider, and every telco that carries your packets, and every one of their employees and subcontractors, and the government agencies of every country where the cloud provider and telcos have datacentres.

    If you are going to store sensitive data in the cloud, you might as well just post it on facebook.

  20. Rob Carriere

    "The United States government has to get out of the business – if it were ever in the business – has to get out of the business of fucking with encryption standards," Clarke said.

    No, Mr. Clarke. The United States government would have to be seen and believed to have gotten out of that business. Regardless of your political stance on the whole matter, that is going to be a Herculean task in the current environment.

  21. photobod

    The lady doth protest too much.

    Well, perhaps not a lady in this case, but a spy telling everyone not to bother to take any defensive actions, because they'll just bypass them anyway, does sound just a bit like someone trying to control with misinformation.

    1. John Smith 19 Gold badge
      Unhappy

      @photobod

      "Well, perhaps not a lady in this case, but a spy telling everyone not to bother to take any defensive actions, because they'll just bypass them anyway, does sound just a bit like someone trying to control with misinformation."

      Yes. It's a variation on an old psychop speech I used to give.

      My punchline was whenever someone tells you this why are they telling you this?

  22. OhDearHimAgain

    its always about the bottom line...

    The US have been using their hacking to pass commercially sensitive information to US firms to give them a competitive advantage.

    So where's the difference?

  23. Anonymous Coward
    Anonymous Coward

    Exceptionalism

    Just about everything we do is intended to give the US a commercial advantage. That's the natural order of things. But if you do it, that's an attack on our fundamental freedoms (Star Spangled Banner, much saluting, waving of Mission Accomplished placards, reading of US Constitution, laying of wreaths by the NRA at the Zimmerman Memorial).

  24. Sil

    Funny guy

    Clarke is a funny guy.

    NSA may hack into European based datacenters but it won't be as easy as forcing a US company to fork the data & mass surveillance will be largely out of questions without active European cooperation.

    In addition let's not turn the table. European companies are not using NSA as a marketing tool. The NSA clowns and the Fisa biggots created and maintained this American disadvantage all by themselves.

    Btw did fake President Obama offer the Queen of England an iPhone at the time based on NSA recommendations?

  25. Anonymous Coward
    Anonymous Coward

    I think he's missing the point

    Yes, the data might not be safe from the NSA, however you have legal cover in the EU if the NSA hacks into your systems to use it against you. In fact, it should be legislated that if that data is obtained illegally, then you cannot be extradited to the US imho. If we really wanted to escalate, you could consider having an EU citizen's (intellectual/virtual) property attacked by a foreign government's agency an act of war.

  26. All names Taken
    Paris Hilton

    1 lay your own cables

    2 don't use any public electronic network (the clue is 'public')

    So I suppose anything sent by public electronic network is not secure at all.

  27. Spanners Silver badge

    So the Answer is

    1. Nobody does any sort of business with the USA or its colonies.

    2. All copyrights, patents and licenses specifically exclude Gitmo Nation.

    3. We make it clear that we are happy at being friends or allies but they do not have rights over us.

    4. We regard their hacking us in the same way they would feel about it.

    So we would loose some market - after all the USA has nearly 4.4% of humanity in it. They aren't are rich and powerful as they used to be. They have been heading down since at least the start of the century and their military is doing to them pretty much what the USSRs did to them...

  28. arrbee

    So that kills off the NHS England 'care' database then.

  29. Anonymous Coward
    WTF?

    Soo...

    A thief telling us not to bother locking our doors?

    1. cyborg
      Flame

      Re: Soo...

      If you lock it he'll just have to smash the door down.

  30. Anonymous Coward
    Anonymous Coward

    No, no, guys, It's all good

    They are just protecting us from terrorism, you numbnuts. Where is Matt Bryant when you need him?

  31. All names Taken
    Meh

    Words to look out for part 2?

    When nations spake unto nations

    "We must therefore protect our interests in a country that is not ours"

    that is when to worry.

    (Just like Ruski spakes about Ukraine)

  32. Lamb0
    Big Brother

    It's All About Control, Taxe$, and Ex$pen$e$

    By "localizing", the non U.S. countries are better able to monitor their own citizenry, and retain taxable services within their own economy. This also enables the NSA to have centralized data collection points to simplify the monitoring thereby reducing the NSA's co$t. Many governments will hand desired data without a hack; and as most data isn't needed the NSA's searchability is improved at a reduced co$t.

  33. John Smith 19 Gold badge
    Meh

    Wonder who the gutless AC is ?

    And of course where they work?

    What sub basement for example?

  34. Anonymous Coward
    Anonymous Coward

    Message to the US from the US

    For me moving what tech I had from US to EU cloud providers wasn't ever about escaping illegal US military surveillance. It was about not rewarding US companies for aiding the military in their effort. To be blunt, it was about punishing those companies for betraying my trust by "voting with my feet". If some of the largest and most politically influential companies on the planet can't be bothered to bring that influence to bear in curbing abuse of their customers by the US military -- especially when it is clear that they would almost certainly suffer financially when their complicity became public -- then it seems to me that the only thing left for any of us to do is everything we can to make that worst case economic scenario a reality for them in the hopes that it will deter them from future bad behavior.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019