Hacker News new | past | comments | ask | show | jobs | submit login
Blowback from the NSA surveillance. (schneier.com)
189 points by teawithcarl on June 20, 2013 | hide | past | favorite | 29 comments



When I wrote my representative, this point is what I stressed.

Strong privacy protections will become a competitive advantage for nations going forward, and the US will lose business if they maintain the right to spy on 'foreign' communications which pass through their network (or don't).

Many Americans and EU citizens alike would probably pay extra for services which are incorporated and hosted in countries with strong, enforced privacy regulations. Some organisations may be required to use services with strong privacy protections located outside of the US.


Part of the reason that people from around the world are keen to put their money into US property, and thus to contribute significantly to the wealth of the US, is because they justifiably believe that their US property rights have some real and effective protection based in law, not just the good intentions of the US government. When they figure out that their US cloud data has no similar protection, it's likely to have adverse consequences for the US over time. https://news.ycombinator.com/item?id=5853380 (The situation with "upstream collection" of data passing though US telcos is less clear-cut, and in any case there's SSL for that - it's the PRISM "direct collection" which most demands attention.)


That's a good point, but it's not Schneier's point. He's referring to recent attempts by countries like Russia to make some major changes in the way the internet works - changes that the US and some other countries successfully opposed. The recent revelations undermine the US's position.


The last sentence is very true, but what makes me really sad is that the consequences of this leak is that at least in Germany and UK, the government look for ways to fast-track the same kind of surveillance system. They want the same thing for themselves!


Yes, that's right. I wonder whether Snowden could foresee this consequence of the leaks.

It's obvious - the countries which possess such technologies will have big advantage over countries which do not, so they have no other option as to pursue the same capabilities.

The only other possibility would be for the Internet to "reinvent itself" to provide true privacy and anonymity, but that is probably not doable.


It's doable. But to achieve that and create a "new" Internet, the governments will need to break this Internet, and make it increasingly a more awful and dangerous place to be on.

I'm really pissed off at governments for doing this because so many services were starting to be so convenient. But now we'll have to take back much of that convenience to get more secure - all because the governments want to abuse that power, and because seemingly the people are not united and strong enough to demand a change of policy.


My understanding is that the contractors that built this capability are selling it internationally anyway. The only thing that's US-specific or surprising about the system is its interaction with our particular laws and particular rights, which it doesn't need to pretend to respect in other regimes.


Kind of takes the piss out of the argument that we have to keep all of this a secret for "national security"


Shhhh.


Perhaps the NSA could create an API and sell licenses to other countries? ;-)


They already do this so it seems.

In the Netherlands they ask for data about Dutch people via the NSA. Doing it this way they don't officially have direct access to the data so they don't need a warrant for it.


Last night I was talking to a friend.

Instead of using Skype we used mumble hosted on a server he controls, over SSL.

The repercussions of this will be huge. It is an international mess. I'm Canadian, and now I find myself concerned and wondering how I can, if I can, secure my communications.


Rumors about Echolon were around since 1980ties. There were dozen cases that confirms surveillance over last 10 years. And most governments know about this already, they have similar project or were part of it.

So nothing is going to change. Nobody will use PGP because "it is too hard". Everyone will stay on Facebook. And soon networks like Tor will get shutdown . And cryptography will become illegal word-wide (already is in UK). Welcome to 21st century.


sorry, cryptography is illegal in the UK? Huh?


If I remember correctly, you can be ordered to decrypt any suspected illegal data on or travelling from your computer. Even ignoring the fact that the only difference between a 2GB file of random noise and a 2GB AES-TwoFish file is that the latter decrypts with the right password, (and thus if ordered to decrypt the first you're kinda SOL) this law includes SSL connections, for which the key is not known to you. There were some articles about the law on HN a couple months back after it was proposed, and I think it managed to pass. Again, AFAIK.


There was something like this more than a decade ago. I remember reading and complaining about it at the time, and feeling slightly superior that we weren't that crazy here in the (pre-9/11) US. sigh


do you have any links?


One from Falkvinge (first hit on google), responding about as you'd expect [1], and a link to the actual law [2]. It doesn't make encryption illegal, it just makes it illegal to not produce the key on demand. You can decide which is worse.

1. http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jai...

2. http://www.legislation.gov.uk/ukpga/2000/23/section/53


>> The revelations that have emerged will undoubtedly trigger a reaction abroad as policymakers and ordinary users realize the huge disadvantages of their dependence on U.S.-controlled networks in social media, cloud computing, and telecommunications, and of the formidable resources that are deployed by U.S. national security agencies to mine and monitor those networks. <<

I think the author doesn't go far enough, and it should read "users realize the huge disadvantages of their dependence on ANY PUBLIC networks". It doesn't matter if it is [directly] U.S.-controlled or not, since other networks are controlled by their respective gov. agencies in that particular countries [or soon will be], and the data can be traded/exchanged.

It seems to me this is a trouble for the whole Internet [or soon will be]; it's not U.S.-specific problem.


"We can't fight for Internet freedom around the world, then turn around and destroy it back home. Even if we don't see the contradiction, the rest of the world does."

Er, how is unregulated spying on non-Americans, fighting for internet freedom around the world?

I take internet freedom to mean the USA has the world wide freedom to spy on non people.... sorry, non Americans.

The blow back I would start worrying about is if the countries or the likes of the EU start walling off the internet, sort of like China, to keep American spying out. I now wonder if the Chinese firewall is as much about internal control as it is defensive.

American actually risks the break up of the internet as one single thing, unless it begins to respect people who are not American.


He's referring to things like the attempted ITU power grab last year [1]. We'll see something like that again, using the NSA as the explicit|implicit justification, and it will be much harder to stop. = "blowback"

[1]: http://blogs.computerworld.com/internet/21500/victory-unitu-...


I agree with the US "no rights for non citizens" notion being total BS. About walling off the internet, China has proven it can be done, and recent news confirms that it is not stupid and both China and other countries who are doing their best to reduce Google and Facebook type US megacorp/military/intelligence inroads to their society are not without reasoning. Even Russia is getting in on it now. China has shown the way and achieved a pretty serious division from western-dominated internet services... the services persist, but the volume of blackmail-capable and social network information around the society's leading figures that is being stolen by foreign intelligence services is probably markedly reduced by this strategy. It's solid, as proven by the NSA revelations.

Meanwhile, Eric don't be evil Schmidt goes on a "personal visit" to North Korea at the behest of the State Department (cough) Council of Foreign Relations, from where his girlfriend hails, and run by the same dynastic wealth schmucks screwing the US citizens from within their borders.

Ahh, business as usual. Petty, petty humans! May all beings find their peace :)


The Internet has faired pretty fucking well under American custody in the past two decades. Let's not be at a rush to discount this fact in the face of the leaks.

For better or worse, the US still seems to have probably the most progressive stance on general freedom of speech and tolerance in the world. This is perhaps the last example of nationalism to which I think tech folks can subscribe honestly.


The most progressive? Really?

Yes, we're better than China, but pretty far from the leader.

http://en.wikipedia.org/wiki/Press_Freedom_Index

The U.S. is the most important nation in terms of it's historical importance to freedom in the world, but it's been decades since it's been considered an example to emulate, in terms of either the electoral and political process, or rule of law based in natural rights.


A red herring, my friend. From your link:

"The questionnaire asks questions about pluralism, media independence, environment and self-censorship, legislative framework, transparency, and infrastructure. The questionnaire takes account of the legal framework for the media (including penalties for press offences, the existence of a state monopoly for certain kinds of media and how the media are regulated) and the level of independence of the public media. It also reflects violations of the free flow of information on the Internet. Violence against journalists, netizens, and media assistants, including abuses attributable to the state, armed militias, clandestine organizations, and pressure groups, are monitored by RSF staff during the year and are also part of the final score."

So, a whole bunch of other things are rolled into that--least of which is some ill-defined internet component.

I know that it is very popular to bash on the US--often with very good reason!--for its press. Fact is, we did this to ourselves. Fact is, we stopped paying for newspapers that did good reporting. Fact is, we promoted and supported the rise of media moguls and conglomerates that helped stifle solid journalism. That was us, not some secret government cabal.

The US is pretty hands-off with regards to the 'net, especially with regards to free speech that others may find offensive: contrast us with the way many European nations seem to feel about hate speech or libel.

The only things I'd actively hold that we do incorrectly about the 'net is the ICE domain seizures and massive data-mining of communications.

Then again, we again see that the private sector is more than happy to vacuum up personal details. Thanks Google! Thanks Facebook! Thanks marketing firms!

Yet again, we do the worst of this to ourselves.


It boggles my mind how people don't understand the point you're making here.


On the phrase new internet nationalism I would like to point out I snuck in the nominal country of 'AA' to an IETF internet standards draft recently to informally establish it as a potential touchpoint/alias for the internet at large.

IIBAN subsumes the position of National Numbering Authority (NNA) for the nominal [ISO3166] 'nation' of AA (the Internet) in order to provide a financial endpoint registrar service for the internet community. https://tools.ietf.org/html/draft-stanish-iiban-01

It's pretty token at this point, but I would be thrilled to see others pick this up and run with it! (PS: New revision of that draft out soon.)


I wish Bruce was right, but the interception of so much internet traffic is hugely valuable to the US (not just security but commercial spying too). Therefore it will use all the leverage it can with its trade treaties etc to lean on sufficient countries that it will maintain if not escalate its control of the main internet routing systems.


The problem they'll notice will be the slide in demand for our software and internet services. We'll get hit in the wallet and they'll wake up. Because the US loves a lot of stuff. But money always come first.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: