Bring on the Merkin bashing. Our %1ers have earned it. They don't care though because with two identical in all but rhetoric, political choices to distract the US populace I guess they could care less how the rest of the world view us.
The US Trade Representative is warning Europe not to proceed with the idea of EU data network services that don't cross the Atlantic. The idea of a European “walled garden” emerged in February amid rising anger over revelations that the NSA wants to listen to the whole world – and that its sweeps included snooping on German …
"I guess they could care less how the rest of the world view us."
I suspect they couldn’t. … Big-nosed Pengie
Quite so, Big-nosed Pengie, and their actions would appear to prove the evidence that they couldn’t care less. However, the madness and sadness in such a fact nowadays, whenever things are fundamentally changed and being changed constantly, is that they should, for the views that the world and worlds see of them is not good for them and those and/or that which presumes to lead them, and is no longer going to be accepted and tolerated by them, either domestically at home or on foreign soil in alien lands.
And do yourself a big favour and don’t even think about placing any bets on that bald headed chicken not coming home to roost and laying waste to its cuckoos’ nests, for you will lose everything you possess packing and backing a lame duck.
Hmmm? Are El Reg Internet Service Provision servers under FCUKGBNI jurisdiction and control or in the command of the foreign office and stealthy intelligence services in another jurisprudence/mindset? Not that it really matters a jot of course, whether one be either on or off course/line, whenever one knows what one is doing in such fields as be sharing sensitive compartmented disruptive and creative information.
And the Schengen cloud comes with pitfalls too. "We're a European company and for security we have used "Europe-only" data services. But now we want to open an office in New York/Shanghai/Singapore--so I guess we need to change”. …. Marketing Hack
Err …. Hmmm …. In that case I suppose systems need just a novel change and a new exchange for information and intel [iex]? ……. http://www.iextrading.com
Something which is not crooked and corrupted, so that all can flash crash and play fairly together …… http://www.nytimes.com/2014/04/06/magazine/flash-boys-michael-lewis.html
>"Could care less" or "couldn't care less"?
>Both are correct. One is a common expression, the other is grammatically correct. Take your pick.
Both are grammatically correct. (Both are even common expressions).
One (the latter) usually means just what the person intended to convey.
The other (the former) usually means the opposite of what the person was trying to convey but, having swallowed common expressions without digestion by brain en route to arse, aforesaid person is too thick (common British expression) to realise how illiterate and ignorant an impression they have just conveyed of themself.
Pointless as well. The NSA was specifically created to eavesdrop on electronics in places other than the US. Compromise a couple of installation points there and voila!
If you want your data kept private there's only one way to do it: encrypt it end to end at which point it doesn't matter whether someone is listening along the way. In the past this was an expensive overhead proposition for computers. I don't think it should be quite as much problem these days. The other bit is, you need to encrypt more of the traffic. Right now encrypted traffic draws extra scrutiny. You need at least 50% of the transit traffic to be encrypted, which means it needs to be the default instead of a drop down change.
Can't see what the fuss is about. The big boys quite surely already have servers in European space, it's just a matter of them making sure no Euro<>Euro comms ever leave the Euro part. Why would Uncle NSA be so pissed about Euro data not crossing over to any place they can tap it? Oh wait...
Then again, maybe people should just start using encryption instead of believing someone's (and insert whatever you want here) good intentions.
Heck, if everyone started using proper encryption, the noise would be so bad Uncle NSA would be driven to fallback into time honored targeted spying tactics instead of just slurping ludicrous amounts of data in the hope they catch something remotely useful.
(Congress might be happier too since targeted black ops must surely cost less than running their datacenters...)
We already have "E-Mail made in Germany", which DTAG, GMX and Web.de belong to, which send email between themselves in encrypted form and directly, not leaving German borders.
Obviously the whole thing falls down when you send an email to somebody who doesn't have a DTAG, GMX or Web.de account, if their servers don't accept encrypted mail headers, they have to send the email in the clear and if the address is hosted outside the EU...
"Why would Uncle NSA be so pissed about Euro data not crossing over to any place they can tap it?"
It seems "any place they can tap it" actually includes quite a lot of the EU anyway, between their UK base with GCHQ and various more covert efforts on mainland Europe.
Of course, *you* can put *your* mail server anywhere you like - but when you're communicating with a typical person with a Hotmail/Gmail/Yahoo address, *those* servers are in the US anyway (a quick trace route from the UK shows Hotmail mail going through routers in NYC and on to somewhere in California). Good luck getting the public to give up all their email addresses.
I have my own domain, so control everything about the inbound email routing. Where did I put it? New York, because I like the email service an Australian company - Fastmail, previously owned by Opera in Norway - offer. Yes, I could have bought hosting in Paris or Berlin, so a different set of acronyms got to snoop on it all, but I wouldn't see that as an improvement; given the choice, I'd worry less about the NSA than about their French or German counterparts anyway.
".....Why would Uncle NSA be so pissed about Euro data not crossing over to any place they can tap it? Oh wait..." <Sigh> And once again the sheeple fall in line and bleat in chorus. There is nothing to stop the NSA listening in to anything on the proposed Schengen network, either through hacking it to pieces, or the much simpler route of just asking the GCHQ to do it for them as - shock horror! - they ALREADY do now. There is a legitimate US business concern about protectionism - Deutsche Telekom are hot on the idea because they know they will be the lead on an European-only (which actually means 'German run') network, and bigger US telecoms will be excluded from bidding for the work. The equivalent would be the US kicking all foreign telecoms operators out of the States, I can imagine just how rabid the cries of protectionism would be from the EU then. But don't let that interrupt your anti-Yank bleating.
The UK is not part of Schengen. It is pretty clear that this Euro network would exclude the UK, precisely because of our Trojan Horse status.
As for "hacking it to pieces" that is as yet a straw man - it may be that there are plans for a secured network that is NSA/GCHQ proof.
And there is no legitimate concern about protectionism; national security trumps business interests. The US is currently "allied" to the EU but (asa French general pointed out recently) is far from being a "friend". If US business doesn't want to be excluded, they should do something about their government's spying.
"The UK is not part of Schengen....." Please try a little research before bleating - the UK is not part of the Schengen Area but is bound by the Schengen Convention as it is EU law as part of the Amsterdaam Treaty. But the linking of the Schengen Area and the proposed 'European network' has SFA to do with Schengen (at the moment it is just a few countries presenting the idea whereas the Schengen area covers 26 European states), it is simply a term ignorant journos have seized on because it has European connotations and also neatly implies an exclusion of the UK. Countries like Poland are not going to give Germany any form of control over their telecoms. However, even before the Amsterdaam Treaty is considered, the UK would have to be included as a country suitable for a bidding role under basic EU trade rules. Merkel can shriek all she likes, if she were to try and designate an EU member and NATO partner like the UK as 'hostile' security-wise she would only be giving the UK electorate another excuse to say "see, them Europeans just want our cash" and increase the chances of the UK voting to tell Brussells to go get stuffed. France might like that but Germany actually wants someone else around to help pay for the PIIGS.
".....As for "hacking it to pieces" that is as yet a straw man....." Yeah, it's not like the GCHQ and NSA have hacked the European telecoms already - oh, wait, they did! Or that the Europeans (including the Germans) are deeply dependent on intelligence derived from the actions of the NSA and GCHQ, so much so that any 'European-only' network would be given up to the Yanks at the design stage if only because of Putin's current antics and the nervousness of the Baltic neighbours in Germany's backyard.
".....asa French general pointed out recently....." The Fwench military are so rabidly anti-Yank I take anything they say with a pinch of salt. France sat outside NATO for years after de Gaulle threw a sulk over not getting equal billing as the Special Relationship gave the UK, and their continuous maneuvering to try and create an European Army is nothing more than an extension of that tantrum. The Fwench forces simply haven't got over the humiliation of 1940 nor the fact it was the Brits and the Yanks that had to kick the Nazis out of France in 1944. Then they had the further humiliation of having their empire given back to them by the Brits and Yanks, only to lose countries like Indochina, followed by the further humiliation of the US having to step in to try and clear up the mess the Fwench had created in Viet Nam.
It is even more hypocritical given the eavesdropping of Frenchelon. And that the NSA, KGB and Mossad are rumored to have extensively hacked that bit of European security, which does not bode well for the resilience of any 'European-only' network. Merkel is just trying to ride the wave of anti-Yank hysteria through a tough period at the polls, expect The Great European-Only Network to quietly die a death as soon as the press finds something else to spoonfeed the sheeple.
I am struggling not to be put off by the grammar, "see, them Europeans just want our cash" - in English we use "they" rather than the USA "English spoken by foreigners" dialect. Similarly, though not a great French admirer in certain respects (e.g. betrayal of their British helpers in the Middle East such as paying the Irgun and Stern gang to murder Britons during the second world war; hmm, bit like the USA supporting the IRA in their murderous campaign against an ally of USA), the babyish "fwench" says more about you than them.
Factually, the glorious forces fo the USA entered the war as late as possible and only then when attacked by Japan (until then, at least, their great and good such as Cheney were supplying oil and other goods to Germany). They were involved extensively in the last couple of years. But then American policy tried very hard to keep both Britain and France out of their colonies and extracted a high price in goods and money that has finally been repaid, in Britain's case, just a couple of years ago and there are still USA forces in Britain. Oddly, most money was poured into Continental Europe while more money was extracted from GB.
The French military attitude to USA seems a bit exaggerated, apart from the bit over colonies (and, with Britain, the Suez canal): France was a strong supporter of the American revolutionaries, complete with soldiers, weapons and money, as part of their N. American war against Britain and without which it is probable the revolution would have failed. Even now, France seems almost impossibly pro-USA and anti-British.
As for Vietnam, Cambodia and Laos: goodness, thank heavens for the Americans. What a wonderful job they did there, after helping the communists to oust France (not seen the photos of American chaps with the communists when France was still in Indochina?). So generous pouring all those chemicals and explosives over the region.
The Americans do need at least a solid signal of European irritation. I have not got a reference to hand; but I believe one item to come out of the recent revelations is how USA spying was used to get infomration from the makers of Airbus, including the partners in Britain, to feed back to the American aeronautics industry. One does ask oneself if GCHQ were so unaware or so Americanised in their attitudes that they missed this or if they are not the only channel open to the Americans.
As for Merkel's "tough period": I suspect Obama, Cameron and many others wish they had her position, both domestically and internationally.
As for "protectionism" and American complaints if their business in the European telecoms market was restricted: the USA does this all the time in all sorts of industries, from Pringle jumpers to who knows what, either explicit or bureaucratic barriers, enforced for them by WTO.
Anon as at w.
"We spy on you, you spy on us. Biggest difference I see is your guys are a bit better at it than ours are. Or at least they haven't outted themselves yet."
Nah, the biggest difference is that no other democratic country has built an infrastructure to allow them to spy on every human being on Earth.
"....has built an infrastructure to allow them to spy on every human being on Earth." Sorry to pop your bubble of shrieking, hysterical melodrama, but not even the NSA has or even plans to have the ability to spy on every human being on Earth. Even if you had chosen just every telephone conversation in teh World then the NSA would still be short of that capability for decades, if ever. To actually believe the NSA could analyse all the Internet activity just shows you let your paranoia over-rule your logical faculties. Please try researching just a few facts before your next shrieking fit, starting here (http://blog.qmee.com/qmee-online-in-60-seconds/).
You also fail to understand that a large amount fo the NSA and GCHQ activity happens as part of the joint intelligence efforts of NATO, whereas the Norks and Chinese only use theirs for suppression.
"You also fail to understand that a large amount fo the NSA and GCHQ activity happens as part of the joint intelligence efforts of NATO, whereas the Norks and Chinese only use theirs for suppression."
I see that shrieking bit of Yank-envy-driven denial was easier for you than admitting your didn't have a clue as to how much raw data is flying about on the Internet. And it is Yank-envy, you're one of those typical sheeple that wails on and on about how unfair it is that the US has so much money, that the US has so much influence, etc., etc. Are you Fwench, by chance?
We had a laugh the other day on the office with a challenge - name three famous Swedish pop groups, then name three famous French pop groups. The former is easy - Abba, Roxette, The Cardigans, Ace of Base, Swedish House Mafia, Avicii - the latter is nigh on impossible. Most of us mentioned Jean-Michel Jarre, wimped out with one-minor-hit Vanessa Paradis, and failed on the third. The reason is the Swedes are confident enough in their own identity that they can write music for the rest of the World in English, whereas the Fwench insist on their insular outlook and supposed cultural superiority. You are exactly the same - "must hate the Yanks because it's so unfair that they have bigger toys than anyone else!"
"....The equivalent would be the US not wanting any of their data to be routed through North Korea or China...." Please stop being so blinkered by your Yank envy - the US and most Europeans are members of NATO and therefore military (and, by extension, intelligence) allies. They have agreements for both the exchange of data on terror threats as well as criminal threats as well as extensive trade agreements which are intended to inhibit protectionism. Please do explain how that compares with the situation with China, let alone the Norks.
" Please do explain how that compares with the situation with China, let alone the Norks."
These two nations, like the USA, spy on allies, foes, and everybody else, including their own citizens. Like the USA, both nations don't only perform military espionage, but also industrial and economic espionage. Like the USA, their laws allow them to wipe their backsides with their own citizens rights, not to speak of everybody else's rights. None of these three countries has signed the Universal Declaration of Human Rights.
The main difference is that the USA has put in place an infrastructure that allows -or will soon allow- them to spy on everybody, non stop.
"Please stop being so blinkered by your Yank envy"
Yank envy? Yeah, and I also envy East Germany and the USSR, North Korea, and China, and all their perpetually happy subjects. And I should be happy watching while the biggest democracy in the world turns into a full blown dictatorship.*
*: Matt, just in case you didn't get it, the last paragraph is *irony*. You're welcome.
If the EU governments don't already have end to end encryption for intra- and inter-governmental communications, that's a massive fail. Ditto European companies. They have been aware since 1985 or thereabouts that networks can be tapped by bad actors. (Actually, make that 1974 for those that read The Ultra Secret, or 1945 for a lucky few.)
As others have pointed out, a geographically bound network is immaterial for general purpose traffic that either crosses the ocean anyway, or is subject to local surveillance anyway. Encryption is the only answer, and does not need a separate network.
Actually the data centers are cheaper than black ops. It's part of the reason we switched to them. Also, they tend not to have the same compromise issues. Granted Snowden changed that a bit, but only a bit. Even if he made off with tens of TB of data, there's 100s left and none of it is suspect from the spy's point of view. Whenever you run black ops you always run into issues of trust. Hence the tendency to select sociopaths who don't care even though in theory you're trying to weed them out.
The idea may seem, to those skilled in the art, as odd and redundant.
Quite the contrary, Richard Chirgwin, to those skilled in the virtual martial arts, for the idea is not at all odd or redundant, for it ensures and forces Uncle Sam, if he be in desperate need for a particular and peculiar sort of quantum communication [AI which be really great and exciting but also capable of turning astutely in an instant, and being, whenever deemed necessary, extremely bad and destructive] to pay for certain exclusive and proprietary disruptive information and/or constructive intelligence from foreign entities/alien bodies/persons of interest on the eastern side of the western pond and bleak tempestuous Atlantic, rather than thinking it acceptable to be able to phish and phorm it from ICT virtually for free. Those halcyon days are long gone. That is why the US Trade Representative is throwing toys out of the pram and thinking a tantrum appropriate.
However, all is not entirely lost, for such as those with a suitable security clearance and valid need to know and bulging fat wallet amongst the Wild Wacky Westerners in the Land of the Free can still have what they desire and/or vitally need, still virtually for free whenever they pass fistsfull of paper dollars/negotiable bonds to those who and/or that which can supply them with what Erotic Exotic Easterners/Euros are ...... well, being highly selective in providing.
Of course, it should not be lost on any or all, that such a simple relatively free virtual arrangement for payment in fiat paper currency of any denomination and hue, is easily made available to all in need of any kind of certain proprietary information and/or sort of sorted secret intelligence. And that is both the great abiding strength and persistent fundamental weakness in that remote global power reward system.
“Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a “Schengen cloud” by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them” the USTR thunders.
Indeed, Mr Thundering USTR, that be quite so, and it could lead to effective exclusion or discrimination against foreign and US service suppliers that are directly offering network services, or dependent on them, so Play Nice and Fairly and Avoid any Hassle is the Name of the New Great IntelAIgents Game in Town and of Paramount Importance to Never Ever Forget to Remember, WWWethinks.
IMHO the issue is very easy to summarise: either the US returns to a point where US service providers can only be forced to provide data through a legal path that requires probable cause, due process, avoids dragnet surveillance and is sufficiently transparent and accountable to re-introduce any trust in the US as a trade partner that can actually be trusted, or the US loses this business.
I predicted in January we'd face strong arm tactics, because US law makes it effectively impossible for US companies to credibly claim they can protect personal data up to EU standards. It's not that they don't want to, but they simply can't - federal laws leave US companies without any ability to protect themselves against official, yet unwarranted demands for access. This means that the whole of Silicon Valley is unable to supply services to EU companies that have a need to stay compliant with Data Protection laws, and that is absolutely correct - that's what they signed up for in 1948 with this whole Human Rights thing. It's not enough to pretend - it has to be done properly, and provably correct.
If the US wants to continue playing in that sphere it has to fix its laws instead of trying the usual lobbying, bribing and bullying with trade embargoes. Because trade embargoes don't fix the actual issue, and won't force EU companies to buy US services. If anything, it creates the impression that the US has definitely something to hide, and has no intention to address the problem.
In which case they *deserve* to lose EU business in the EU.
Such as? The whole point of the US objection is that everyone else is planning to use cables that don't pass through the US, so unless they're actually going to blatantly cause mysterious failures in the world's undersea cables, there's not much else they can do. Even ICANN is limited, if they tried to screw the root DNS, the rest of the world has the resources to set up a parallel network. US registrars stop serving DNS lookups, non-US root servers can delegate to non-US servers. It would just encourage people even more to not deal with US internet companies.
"...could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them”
Like Australians not being able to see content on Hulu or BBC web sites when they are supposedly promoting globalisation (so long as they can squeeze more cash from us). It's not like we don't buy a ton of their TV content in the first place, what's so hard about a bit of licencing?
I really think that a lot of overseas web sites don't remotely deserve being allowed to use "www.".
"Like Australians not being able to see content on Hulu or BBC web sites when they are supposedly promoting globalisation"
You think thats bad? There are areas on the BBC websites that British citizens cant access, because they contain "content not available in your country". Not only television shows but forums and news sites too.
British Broadcasting Corporation my ass, if its paid for by my bloody TV license then I want access to it.
"content not available in your country".
if its paid for by my bloody TV license then I want access to it.
Which is the whole point, of course. The bits that aren't available to the UK have been paid for by BBC Worldwide, the BBC's commercial arm which is legally not perrmitted to supply services in the UK under the terms of the BBC charter. They have not been paid for by your bloody TV licence.
:-) :-) :-) Please behave, bitch Heisenberg. :-) .... although that is no way to be construed as a condemnation of the access sought on your part. And if one is a true gentleman, let's not be having any discussion on rights and access to the contents harboured within underwear paid for by the bloody TV license, for that would be an argument which would surely raise passions undeniably true and impossible to match in any other naked field theatre of operations .... Just saying', and having a pleasant time thinking of the myriad possibilities and variety that such thoughts provide :-)
Although, the Schengen Treaty takes its name from Schengen - a town in the well known centre of communism, Luxembourg.
Not being a signatory to the Schengen Treaty, the UK would presumably be excluded from a "Schengen walled garden" - for some reason, it appears our fellow EU citizens don't trust us.
"...for some reason, it appears our fellow EU citizens don't trust us."
I don't suppose it has anything whatsoever to do with the NSA branch office in Cheltenham. ….. Tromos
Nobody is trusting offices in Cheltenham, because just look at what their intelligence is allowing in all media theatres of operation, both domestic and foreign, real and virtual. And the problems and difficulties they have, all stem and are rooted and routed from the very top, where management personnel have lost the plot and are bluffing their way in fields in which they are being decimated and proving themselves to be politically inept and catastrophically naive. And that is the most generous and kind assessment which can be made.
Such is easily solved though with new broom BRoom Command and Control Programmers supplying the top tier with what IT needs to feed and seed/mentor and monitor for future business and reality leadership.
They surely must have, or be damned and confined and constrained to always follow, Beta Command and Control Rooms for Advanced IntelAIgents Programs in Novel Field and Noble HyperRadioProActive IT Theatre Hostings of Great Games Plays for the Live Operational Virtual Environment in Global Operating Devices and vice versa, for Global Operating Devices in the Live Operational Virtual Environment. It is simply in ICT, just a Comprehensive Applied Minds Project and Uniquely Complex AI Researching and digital Development Promotion …. and a SMARTR AIR&dD Attack Root in Defence Forces for Zeroday Vulnerable Operating Systems, which be all SCADA Command and Control Systems.
And not a lot of folk know or knew that, but all now have been told of it, for there it is before your very own eyes on a popular website in a interactive browser on the world wide web internetworking ..... and doing its IT thing, educating the masses to higher levels of consciousness and universal engagement ........ :-) and a right devil of a heavenly job is it too.
And most certainly not at all suited for the weak hearted and lily livered, because of the extreme degrees of excitement to be encountered and embraced, so take care if you dare play in its ICT fields. Too much LOVE can kill you, every time.
PS.... NSA jump through GCHQ hoops, hence the present chaos and current mayhem, madness and systems dysfunction.
A lot of (western) countries dislike being reliant on countries that they consider less stable, or not idealogically aligned with their views, as their only source of oil and gas. What Snowden's security leaks have done is to make a lot of (western) countries think about their data security in the same way they think about their energy security. And for the same reasons.
What we learned from the story of the Natwest Three is that one party in the UK can strike a deal with another party in the UK, that is legal in the UK. However if the emails which make up that deal touch american soil, then american laws are applied and - since the UK government is about as useful at looking after its citizens interests as a Rottweiler is at guarding your sausages - you're banged up : Jim. Unless you can personally afford to foot the bill to defend yourself against the might (and drawn out proceedings) of the US legal system.
Sp apart from not wishing a foreign power to know everything you ever committed to email, phone conversations, downloads or Dropbox, there is the not insignificant matter of legal hegemony, which is just as wide-reaching and just as insidious.
But having a "We run a Europe-only network" can be a commercial differentiator. Kind of like "All our furniture is made in the U.S.A.". And it's something that American server providers can do too, they just locate all the datacenters and fiber in Europe for customers that want "Europe only" service.
And the Schengen cloud comes with pitfalls too. "We're a European company and for security we have used "Europe-only" data services. But now we want to open an office in New York/Shanghai/Singapore--so I guess we need to change".
Hi Marketing hack,
While you're correct, and they can do that, U.S. Law as it currently is (under my understanding) means that there's no difference between a U.S. server running in New York or in Berlin - if the NSA wants access, the U.S.-headquartered company is required to provide it and then required to lie about providing this access. This is why, through no fault of their own, _no_ U.S. company is trustable - the legal framework they are subject to simply precludes this.
A carefully-structured EU company, however - at least, until the EU gets around to implemented this law themselves (surely it's only a matter of time) - could create a U.S. division that it _knows_ will get compromised by the NSA and only provide the minimum data necessary for it to function. Would seem a tad risky - I'm sure that any competent spook, given legal access to a chunk of a network, would duly attempt to break into the rest of it and nobody with any sense would _want_ to go up against the NSA - but the structure could be put in place.
"This is why, through no fault of their own, _no_ U.S. company is trustable - the legal framework they are subject to simply precludes this."
Then if they want to trade in the EU then the US can change the law. Not that big of a deal.
if they want to trade in the EU then the US can change the law. Not that big of a deal.
Ah, but that is the sticking point: it IS a big deal - a HUGE deal, actually. The US laws that are the problem exist at federal level, and there are 2 main issues:
1 - those laws were created (or, to be more exact, existing laws were seriously weakened) for a reason. Plenty of authorities and companies base their existence on these laws, so they will not give up this seriously deficient framework to go back to a situation where they will actually have to submit to supervision and due process and provide transparency of what they do. Another factor that matters here is that there have been plenty of skeletons produced, to be discovered when this gets tidied up (as Snowden has already shown).
2 - even assuming issue (1) can be addressed, as the problem exists at federal level you can't quickly fix this problem. Changing federal level laws will take years of drafting and wrangling with stakeholders (and that's without taking the politics into account). The issue is that the revenue hit is taking place right now. Silicon Valley is already feeing the pain, and I expect a lot of privacy BS to be sent our way in the coming months. 2014 will probably become known as the year of privacy bullshit, because the depth of the hole the US has dug for itself here has finally become visible.
Anyone with even a remote clue about privacy would have seen the not-so-very-Safe Harbour agreement for the sham it was. Seriously? Self certification for something so critical to EU data protection rules? Also, just examing what sort of *cough* "fines" the FTC has been handing out to companies that were not compliant - it exposes Safe Harbour for the fudge it is. The only issue unsafe Harbour addressed was preventing a trade war - it has absolutely ZERO to do with the protection of privacy of EU citizens. That this particular chicken has now come home to roost is IMHO A Very Good Thing That Was Long Overdue.
Don't get me wrong: I fully expect the EU with be blackmailed into accepting a new Unsafe Harbour agreement for pretty much the same arguments as before. Let the EU corporate buyer beware - if client data gets exposed through an US connection, your own business ends up holding the can.
IMHO, the US has become a no-go zone for those who need to protect clients or intellectual property, unsafe Harbour or not.
"And the Schengen cloud comes with pitfalls too. "We're a European company and for security we have used "Europe-only" data services."
Similar could be said of China but plenty of western companies have been prepared to sweep aside any moral considerations in order to comply with China's rather draconian approach to Internet services.
The only sane reason for spying on friendly governments was of course given by Lord Vetinari, who states that spying on friends improves mutual understanding and therefore promotes friendship even more.
There is of course another school of thought who points to the bablefish, which by removing barriers in communication between species has lead to more and bloodier wars than anything in the history of creation, but it could be argued that the opposing sides in these wars weren't friends to begin with.
"When a once democratic country (so it claimed) spies on its own citizens, as well everyone else's, that would seem to suggest that the terrorists have already won on a scale they could only have dreamed about, surely?" That's as stupid as saying if you have a police force then crime has won - complete male bovine manure.
Are they getting nervous or is it just another simple ruse to appear nervous? Perhaps their men-in-the-middle fibre-linked containers full of flash storage can slurp all the data they like, then when they're full they can just sail slowly across the atlantic for later analysis and filtering offline. As long as the slurped data is all in plain text or encrypted with some noddy code that they have the master keys and certificates for then it'll be business as usual. Oh and the first thing that appears encrypted with anything that they don't have the master keys for will suddenly gain a lot of 'who touched that last' focus ;)
Maybe I am missing something, but what seems to be the situation is that :
1/. The US is allegedly doing 'man in the middle' stuff.
2/. The response is to try and make sure the middle isn't in the US?
3/. The USA is making a big fuss despite the fact that half the world runs on Cisco and therefore Cisco ARE the men in the middle and therefore if Cisco and the spooks have an arrangement whether the traffic runs across the US or not is simply irrelevant?
4/. The classic way to prevent or at least render hugely ineffective, man in the middle snooping is asymmetric encryption, on everything you do, with plenty of massively redundant messages of pure random garbage interpolated to prevent frequency analysis and confound the opposition.
5/. Ergo, the spooks knowing this, are making a big fuss about the European firewall because they want attention focussed on that - a non problem for them rather than on the intrinsically obvious solution, of simply encrypting everything so that man in the middle scraping gets so awesomely expensive they end up having to attack the end points instead.
There already is a European data network, and no particular reason for messages not to be most efficiently routed within it, as I'm sure very many are. But that doesn't stop a free citizen or business operating within an EU or Shengen country locating data and servers wherever personal preference, business or legal issues require.
I'm free to locate my server wherever it suits me and commerce offers suitable facilities, and having some crat or politician telling me I can't locate it where I want to reduces the reasons for me to want to locate it closer to home.
Here be an alternative, independent and exiled view on the subject ..... http://rt.com/news/us-global-spying-assange-761/ ..... which wholeheartedly agrees with the premise, which doesn't really need to be made practical if one is just careful about what one sends over communications channels and who one would be wanting to share information and intelligence with. And don't forget, there is no way to beat the knock at the door and a quiet fireside chat [with a relaxing smoke and/or a bevy or beauty or two or three] to get things off one's chest, whenever things are truly sensitive and likely to be highly destructive. Such is so much more civilised and satisfying, methinks.
The smarter operators in the phishing and phorming fields in which spooks and security boffins play need to up their game though, to be effective in the future, and be proactive and engage with emerging talent which may be baiting and leading them, before it discovers all of their faults and weaknesses and decides they be certainly unworthy of future supply of their magnanimous gifts.
EU: yeh we want an EU only limited network under principle that all electronic transactions (yes, including credit cards :-) ) to and fro in EU must remain in EU.
and a second principle that a nation must communicate directly to another nation. So no bouncing to USA for stuff going from UK to France or UK to New Zealand.
USA: but we want blah-blah-de-blah
EU: how much are you prepared to pay to get what you want? Enough to reduce EU taxes to single figure levels?
Sweden > Switzerland via EU servers
Sweden > Uncle Sam > Switzerland with data sniffing and NSA compliance looks at least a little bit dodgy n'est pas?
Even if the EU server route data sniffed at least citizens would have recourse to action.
With Uncle Sam?
Remember: no taxation without representation?
no data slurping without representation should be new dilemma?
I wonder how Bush, er Obama, would react if Europe started insisting that interstate internet traffic pass through Europe.
It is none of the USA's business how Europe connects to the internet provided it follows the standards. And this can be accomplished easily without violating any standards.
Europe isn't advocating anything so drastic, but if Europe wanted to put itself behind an NAT firewall that is none of the USA's business.
Putin breaks the peace and invades Crimea and then acts surprised The West takes actions to defend itself from further invasion by Russia.
Obama spies on the world, denies that non-Americans are humans deserving of human righrts, and then acts surprised when the world takes actions to defend itself from further human rights abuses by the USA.
The problem is when you send an EU<>EU email and it goes through a US controlled or US monitored backbone or US controlled or US monitored exchange.
Sure there are German and French email companies, but your email has to get to the one you are using and then get to the one the other guy is using.
You could encrypt the entire thing, including headers, but then you'd be "violating the rules" on how separate mail servers are supposed to connect.
Much better to play by the rules and ensure the EU's internet is EU owned, EU controlled and only monitored subject to EU human rights laws -- at least as much as technically possible.
Be rather nice if there was an attribute you could set on an IP datagram that would control the region of the packet, and would only allow the packet to be forwarded to hosts in that same region, otherwise dropped. Want your packets to stay within Europe? Just set the correct zone, and make sure every router in Europe knows it's in Europe.
Oh, to have a time machine...
nice if there was an attribute you could set on an IP datagram that would control the region of the packet, and would only allow the packet to be forwarded to hosts in that same region, otherwise dropped
Yeah right, if that had existed at the start of the internet-era, ISPs totally wouldn't have been only selling geo-limited accounts.
"Oh no sonny, no transatlantic pipes for you, get back on your local internet with our local services."
Why should anyone route traffic trough the US when the source and the destination is in Europe?
I certainly don't route my local traffic through my ISP, simply because my LAN is a lot faster than the connection to my ISP.
The "Shengen Cloud", at least as far as I understand it, does not address encryption, it's only concerned with routing.
And the current routing should already provide the proposed cloud, unless someone screwed the routing.
Conclusion: Either am I missing the point or whoever proposed the "Shengen Cloud" had no idea what they were talking about.
You're actually both correct and mistaken. Mistaken insofar that you assume that logic dictates routing, whereas BGP routing between autonomous systems is actually something that is frequently, umm, "adjusted" (I think there are some setups that collect evidence of that - I would welcome a pointer where this is accessible). I recall from quite a while back that we saw quite often traffic route via the US whereas the shortest and most efficient route would have indeed been direct.
Where you are right is that we should indeed not consider ANY network trustworthy, and use encryption by default (provided we find a way to trust endpoint certificates - as quite a lot of CAs are US based there is plenty of scope to issue certs for man-in-the-middle activities by whatever 3 letter agency feels the need). That way, it doesn't matter if you use a wet piece of string, an airport WiFi link (which is practically always intercepted) or a serious fibre to the desktop connection that takes seconds to deliver a whole DVD worth of data. Personally, the latter is the only way we can address the problems, but there are an awful lot of protocols that still default to cleartext. SMTP is one of them.
IMHO all of you guys talking about the intention of EU building a network that will be "un-snoopable" are losing the plot. This is not the issue here. There will always be attempts by external powers to eavesdrop on such an EU network that carries interesting data. And encryption that was mentioned as a solution is not a panacea. Compromised operators, compromised servers, compromised end user devices or even quantum decryption that may come in the future can tackle this to a degree.
The fundamental difference of not having such a network is that if there are companies, servers or cables which fall under US jurisdiction involved then the data can be acquired (NOT intercepted) by the NSA en mass, legally and easily. I doubt NSA would be able to grab such a huge volume of data if that data weren't crossing US jurisdiction. Also no NSA agent AFAIK has been punished for participating in the scheme. So it is easy legal and safe.
I believe US in a similar manner banned HUAWEI from strategic projects based on allegations that their equipment may have back doors. Regardless if this was true or not it was within the rights of US to protect themselves and avoid any potential network vulnerabilities. That doesn't mean that the Chinese may not try to infiltrate the US networks in any other manner. They will always do.
In a similar manner Europe has the right to try and protect itself at least by making it harder for externals to snoop at their data. Whether this is practically possible at the moment is not the issue. The issue is to build a network that US has no easy legal wayto intercept it. Will that stop them trying to? Of course not. Is it possible to built such a foundation taking into consideration the current Geo-Political-Financial situation of Europe. Of course not.
Regardless I believe that Europe has the right to try and set it up. Step by step after some time they can get there.
Biting the hand that feeds IT © 1998–2019