
Data protection: Angela Merkel proposes Europe network - f_salmon
http://www.bbc.co.uk/news/world-europe-26210053
======
Create
We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the Unites States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://snowdenandthefuture.info/events.html](http://snowdenandthefuture.info/events.html)

[http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-
of-t...](http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-thought-
requires-free-media)

You heard a lot of stuff from governments around the world in the last two
weeks, but not one statement that consisted of “I regret subjecting my
population to these procedures.” The German Chancellor, though triumphantly
reelected with not a cloud in her political sky, is in no position to say “I
agreed with the Americans to allow 40 million telephone calls a day to be
intercepted in Germany; I just want them to stop listening to my phone!” The
President of the United States is considering the possibility of not listening
to thirty-five mobile phones around the world. The other several hundred
million people we listen to are stone out of luck.

You understand what a charade this is, of course. The leaders of global
societies do not conduct their classified business over their personal mobile
phones. Our listening there is not gaining us important military intelligence.
The President of the United States is publicly considering not listening to
conversations that leaders of other countries have with their spouses, their
siblings and their children. But the conversations nine hundred million other
people are having with their spouses, their siblings, and their children
remain fair game.

Nobody is talking about that; you’re not supposed to think about it.

Surveillance is not an end toward totalitarianism, it is totalitarianism
itself.

[http://www.bbc.co.uk/democracylive/europe-24385999](http://www.bbc.co.uk/democracylive/europe-24385999)

------
guelo
China kicking out Google doesn't seems so crazy now. The American government
is a worldwide aggressor that cannot be restrained. All defenses must be put
up in an attempt to stop it.

As a side benefit China has fostered a large homegrown internet industry which
many other countries lack. Services like Baidu and Sina Weibo are more than
acceptable. Europe is more than capable of doing the same and hopefully with
less censorship.

~~~
thisiswrong
> China kicking out Google doesn't seems so crazy now. The American government
> is a worldwide aggressor that cannot be restrained.

You're touching on something here. What you're saying is that Google =
American government [1]. With the rise of open fascism in the US, the merging
of strategic corporations (mostly the technology, entertainment, and banking
monopolies) with government interests is become more and more obvious - and
scary for that matter.

[1] [http://cryptome.org/2013/08/assange-google-
nsa.htm](http://cryptome.org/2013/08/assange-google-nsa.htm)

------
j_baker
I seriously doubt that Merkel's intentions are pure on this. For starters, we
know that Germany has given some degree of cooperation in NSA spying,
including allowing the US to build an army base that will be used by the
NSA[1]. Secondly, we know that the BND used the NSA's systems for its own
intelligence purposes[2].

Something tells me this is as much (if not more) an attempt to put European
users' data within reach of European spy agencies as it is about protecting
European users' privacy. I suppose the upside is that it ensures that peoples'
data is in the hands of their own governments rather than being in the hands
of governments they have no control over.

[1] [http://www.spiegel.de/international/world/edward-snowden-
acc...](http://www.spiegel.de/international/world/edward-snowden-accuses-
germany-of-aiding-nsa-in-spying-efforts-a-909847.html)

[2][http://www.spiegel.de/international/germany/german-
intellige...](http://www.spiegel.de/international/germany/german-intelligence-
agencies-used-nsa-spying-program-a-912173.html)

~~~
weinzierl
You comment made me curious how many US army bases there are on German ground.
More than I expected:

[http://en.wikipedia.org/wiki/List_of_United_States_Army_inst...](http://en.wikipedia.org/wiki/List_of_United_States_Army_installations_in_Germany)

(Not saying they are used by the NSA.)

~~~
pstuart
But they're important to protect the US from Nazis! Do I have to go Godwin on
you so you realize how vital this is?

~~~
waps
Initially, they were. Then they became important to protect Europe from the
Soviets. I would argue that to some extent they're still fulfilling that
function.

But please make no mistake. The extreme right is still popular in Germany and
generally in northwest Europe, in some places commanding ~35% of the votes.
Far left (meaning having political positions not even American "communists"
would support) commands another 10-15% of the vote, even in East Germany
where, let's just say that a lot of the population has good reason to distrust
them.

~~~
junto
Although that has some truth, I would also argue that in today's Europe, the
fact that the US has military bases in Germany is more standing on the left
foot of the German state. In other words, if you stand on someone's foot, they
can't move around that much without you knowing what they are doing.

------
strictfp
Shitshitshitshitshit! I knew that this would be the knee-jerk reaction of
politicians. If this happens, we will get borders on the internet. And if
there is anything which can wreck the internet, borders are it. Now for the
first time I'm really scared about the future of the internet. Let's get
involved politically now and educate these people about the foundations of the
internet, and try to keep it a neutral piece of infrastructure. Curse the NSA
for wrecking net neutrality, and other agencies for waging war here. The
internet was international and neutral from the start, don't bring your
territorial thinking here!

~~~
mpyne
> If this happens, we will get borders on the internet. And if there is
> anything which can wreck the internet, borders are it.

No offense but this is exactly the option I'd be recommending to U.S.
policymakers (i.e. having a "Balkanization Button") if it really comes to
gutting the NSA.

Yes, the thing that makes the Internet so good for us is the open borders, but
it's also the thing that makes it so powerful for countries that don't have to
abide by pesky little things like Western cultural morals.

In no other realm does a potential adversary gain access to a military
capability and the Western world opts to leave itself defenseless. And make no
mistake, cyber is thought to be a military capability for the likes of Russia
(just ask Estonia or Georgia), China, and North Korea.

If pacifism is to be the answer in response to this threat, then that simply
means that defense will have to come by different means, i.e. by "battening
down the hatches" and sealing off foreigners from domestic networks. If we can
seek out threats on networks then the second-best option is to try and keep
our networks from being used against us.

Similar logic will then apply in the E.U. and other nations.

> The internet was international and neutral from the start, don't bring your
> territorial thinking here!

It was hardly neutral from the start, the Internet developed from things like
NSFNET and MILNET. Don't be silly.

And either way, "we didn't start the fire"... the NSA didn't invent cyber
hacking, as they could only have been hacking themselves at first. Go read
"The Cuckoo's Egg" by Cliff Stoll if you want to see where the first wave of
state-sponsored hacking started.

~~~
strictfp
Please remember that Germany voluntarily shared their surveillance data with
the US, at least according to Snowden. So a country subnet wouldn't have
helped at all in this case.

Regarding cyber warfare, maybe the US didn't start this fire, but they
definitely participated in bringing war mentality online.

I hope that we as a technological community can fight this on a global scale,
not nation per nation. Abusing the internet for espionage and warfare sucks.
If we can strengthen security for any arbitrary connection we won't have to
divide the whole net into silos. Here, the NSA were really acting against
their best interest by weakening existing defenses.

Having several barriers of entry is good practice in security, why not just
make sure that there are secured channels with stronger security for sensitive
data. We already know that many systems can be improved security-wise, so we'd
know where to start! These secured channels most definitely don't have to be
by country, and internet could stay as is for everyday communications.

I believe that having an international net greatly helps in preventing wars by
building relations between entities in different countries and spreading
culture. Let's not forget about the negative effects that would come from
shutting this system down by introducing country-nets.

~~~
mpyne
> I hope that we as a technological community can fight this on a global
> scale, not nation per nation. Abusing the internet for espionage and warfare
> sucks.

I agree 100%, but the problem is we don't get a unilateral vote.

Geopolitically it makes _perfect sense_ for authoritarian regimes to engage in
cyberwar. All legality aside, they would be stupid not to.

There is not much anyone (UN, EU, etc.) can do about it. We're not going to
declare war (in the kinetic sense) over the cyber equivalent of spying/covert
ops. We're not going to engage in sanctions that strangle both our economies
over the cyber equivalent of spying/covert ops.

And they know that, just as well as we do. There is _every_ incentive for them
to do it, and essentially no disincentive.

So the cyberwar is on. (And, it's _been_ on).

And that's not even getting into the transnational actors who abuse seams and
gaps of jurisdictional boundaries between law enforcement, national
intelligence, "dual-use" civilian/military networks, etc. in order to organize
their own activities.

The best thing we can do is extremely good defense (which due to scale must be
mostly passive with few active measures employed). And we _should_ pursue
that, but market pressures will always, always go against that.

Even if the U.S. were to, say, regulate that computer systems should be
designed to combat security vulnerabilities (and NIST has just released a
guideline on that), other nations would not necessarily do that and so nations
without that requirement could run rings around U.S. software shops by
releasing buggier software first and with faster feature iteration cycles. And
that's assuming you could "fix the market" with proper regulation in the first
place, which is certainly unclear.

And where would open source software fall into that? Do we want to forbid
individual devs from uploading their wares to GitHub until they've completely
a 27-page checklist?

> Here, the NSA were really acting against their best interest by weakening
> existing defenses.

In fairness AFAICS the one crypto standard they weakened was _only_ weakened
against NSA, not in general (though that would certainly not make you feel
better if you were trying to hide from NSA). But at the same time I never
figured out specifics on whether NSA was convincing companies to ship known-
broken code, actively adding other backdoors, or what. But if their
involvement was limited to convincing companies like Cisco to default to Dual
EC DRBG then that's not nearly as bad as convincing Cisco to ship a broken
zlib.

> Having several barriers of entry is good practice in security, why not just
> make sure that there are secured channels with stronger security for
> sensitive data.

Even without market pressures, the fact is that cyber defense falls prey to
the fact that the attacker generally need only be right once, which the
defender must be right _every_ time. I hate to be Debbie Downer here but
you're speaking to an extremely hard problem, and it doesn't get any easier if
you take all the other possible tools away.

Certainly there are industries taking more stringent precautions, but the
problem is that the bum-standard civilian Internet is _itself_ "critical
infrastructure", and is the hardest thing to make secure (just witness the
spread of NTP-based DDoS attacks). Having citadels of security in a floating
maelstrom of unprotected Internet is not security at the national level.

> I believe that having an international net greatly helps in preventing wars
> by building relations between entities in different countries and spreading
> culture. Let's not forget about the negative effects that would come from
> shutting this system down by introducing country-nets.

Well a counterargument is that an international net has allowed smart
propaganda arms from all sources to drum up more hatred for America (I'm not
speaking merely of things America deserves and should receive blame for....
e.g. both sides in Egypt blamed America and thought America was supporting the
other). To be clear, neither the U.S. media or government has managed to
engage in "smart" propaganda since the Cold War and the Internet has made the
USG in particular look flat-footed.

Look around the Internet and all I see is Europeans calling us fat, making fun
of how we measure distance, write and speak our dates (and all this despite
American coders at MS being careful to add locale and translation support to
their software), and more or less begging for us to take any overseas
extension we have back to America.

While I will say that I do prefer an international, open network just as you
do, those demanding America to go home may yet get their wish......

~~~
strictfp
I see where you're coming from, but I don't really agree with your
conclusions. Yes, authoritarian regimes will keep trying to subvert freedom
and abuse friendly initiatives. But the real question for me is whether we
need to listen to them or not. Why not just ignore them? Maybe they can get
the source for some business system in a successful financial company. But
they will most likely never be able to replicate that company, so why bother?
Maybe the freedom that an open internet gives is worth the downsides? I mean,
it has worked thus far.

Weapon systems and other national security is another thing entirely. Here I'm
all for heightened security with the whole shebang: physically separate
networks, drives in safes, you name it.

Industrial espionage is a borderline case. Here you might want to heighten
security for vulnerable companies, especially the ones working under
government contracts. The good news is that these are most likely easily
identifiable entities. You could maintain a list of high-profile companies who
would have to follow stricter security routines. I'm sure this happens already
in the real world, so why not use the same type of policies for internet
security?

But I would really like to avoid bringing war mentality onto the open
internet. Just like you, I think that the 27-page checklist is completely
unrealistic.

> Having citadels of security in a floating maelstrom of unprotected Internet
> is not security at the national level.

No it's not. But why would you need the national level security? I'm not sure
that I'm buying you point about the internet itself being "critical
infrastructure". If the army want's to claim the whole internet "just in
case", then fine, introduce national borders. But isn't it better if all
countries work together to make the internet stronger as a whole, and not
abusable (prevent these NTP-based DDos attacks for instance)?

The difference is that I don't think that introducing borders are a good long-
term strategy. The example which you bring up about anti-USA propaganda is a
good one I think. Because what I see in younger generations is a whole new
skillset: the ability to see through propaganda, ads and other manipulative
media. Thanks to the internet young people can receive several subjective
messages and still form their own opinions. Being on the internet exposes you
to trolls, liars, false information, propaganda and phishing attempts every
day. And people get better at forming their own opinions.

What I've seen over here in Europe regarding pro- and anti-America propaganda
once free information was introduces was the following: First people stopped
believing the US hype. The US wasn't such a great place after all. Weaknesses
such as poverty and gang violence was exposed. Secondly, anti-american
propaganda came in from the east. This was listened to to some extent, but
pretty soon it became clear that these guys weren't completely honest
themselves. And after 9/11 and the Madrid bombings, I don't think anyone think
highly of eastern propaganda anymore. Lastly, more information started to flow
in from the "real US". Not sitcoms or fox news, but sites like Reddit and
hacker news exposed people to the daily lives of americans. And people started
to bond and understand one another. And this is what I think is the power of
the internet. If we know each other on the small scale, the large scale fights
just won't happen. If the news tells me that Kiev is full of terrorists and
war makers, I can just happily ignore that having seen live feeds and talked
to the people on chats over the internet. It is worth considering, IMO, just
how much this communication is worth. It could be that the Internet is the
best enabler of Democratic peace that we've seen this far. Maybe so good that
democracy isn't even required for enabling "democratic" peace. And borders
could ruin that. For proof, just look at dictatorships. They see this power in
social media and are deadly scared of it. They're scrambling for the power to
shut it down at will.

> Look around the Internet and all I see is Europeans calling us fat, making
> fun of how we measure distance, write and speak our dates (and all this
> despite American coders at MS being careful to add locale and translation
> support to their software), and more or less begging for us to take any
> overseas extension we have back to America.

This is just little brother teasing big brother. It's not serious IMO.

>While I will say that I do prefer an international, open network just as you
do

Well then, let's think up a strategy which would work without building borders
between countries! While isolation is the fastest fix, I think it could be
worth it if we could find better ones.

------
fidotron
The substance is more interesting than the headline: "Above all, we'll talk
about European providers that offer security for our citizens, so that one
shouldn't have to send emails and other information across the Atlantic"

i.e. government support of alternatives to the US owned networked services
that enable the data leakages, not low level infrastructure improvements.
Whether or not such a thing is likely to work, I'd be dubious, but if they
show even the slightest hint of going through with it the US will go crazy.
Likely to be a lot of happy devs in Berlin.

~~~
_delirium
That makes a bit more sense. At the level of infrastructure there already is a
"European network", with pretty good interconnects. It's very uncommon for
intra-European packets to go via the US, at least in continental Europe. There
are some routes where it can happen due to peculiarities of peering
agreements, but I've seen it quite rarely. On the other hand, if lots of
Europeans are hosting their email in the U.S., then Europe having its own
network doesn't do much good: ssh sessions from Milan to Copenhagen go via
Austria and Germany, but emails from Milan to Copenhagen take a North-American
detour.

~~~
bbosh
On the other hand, any traffic that needs to cross the Atlantic, via the
Apollo cables, takes a detour via GCHQ Bude, which is funded by the NSA
([http://www.thisiscornwall.co.uk/USA-spent-millions-Bude-
spy-...](http://www.thisiscornwall.co.uk/USA-spent-millions-Bude-spy-station-
says-Snowden/story-19609311-detail/story.html#axzz2tQqt9qmc)). I suspect a lot
of non-US traffic goes via London, too.

~~~
fidotron
Used to be a much greater proportion than it is today, largely thanks to the
growth of places like the Amsterdam Internet Exchange.

At one point there was a building on the Isle of Dogs (former island in the
Thames) through which an absolutely terrifying proportion of the network
traffic for western Europe travelled.

~~~
_delirium
At least as far as visible hops in a traceroute go (admittedly doesn't cover
everything, such as fiber-level switching), most of my traffic to the U.S.
from Copenhagen currently seems to bypass the UK. A few common transatlantic
endpoint pairs seem to be Paris-Ashburn (he.net), Amsterdam-DC (hwng.net), and
Copenhagen-NYC (tdc.net).

------
kryptiskt
European governments haven't earned our trust any more than the US government.
The adversary may vary, but the network is the same hostile environment and
should be treated with the same caution.

~~~
jkrems
I would say that at least the German government has a better track record in
consumer/privacy protection. Far from perfect obviously, but better.

~~~
a_bonobo
Germany is part of the Five Eyes/Nine Eyes/UKUSA network [1], which was
established so that the respective intelligence communities can share data.
There is at least one of the US' Echelon stations in Germany [2].

I would wager that Germany would intercept the majority of traffic in this
"Europe network" and then give the stuff to the US. Nothing would change.

[1]
[https://en.wikipedia.org/wiki/Five_Eyes](https://en.wikipedia.org/wiki/Five_Eyes)
[2]
[https://en.wikipedia.org/wiki/ECHELON](https://en.wikipedia.org/wiki/ECHELON)

------
SEJeff
What so many people fail to realize is that the NSA will try and likely
succeed at penetrating these networks as well. The real difference is that
they don't need FISA courts to authorize foreign intelligence operations, only
domestic ones.

~~~
bayesianhorse
A more self-sufficient European network, especially one that excludes Great-
Britain (sorry guys...), would raise the effort required to do surveillance.

The NSA doesn't have a limited budget. It already has more data than it can
use.

~~~
TazeTSchnitzel
>would raise the effort required to do surveillance.

The UK isn't the only country that co-operates with the US authorities on
this, sadly.

~~~
jkrems
But it's relatively unique in how close it is to the US authorities, since
it's part of five eyes.

------
o0-0o
This is such a great development, and I fully support it. The more
decentralization we can make, the more freedom we'll have. As long as they are
standards based, not pay-to-play, and, open to everyone.

~~~
thisiswrong
Really? Don't you see the Trojan horse here? I tend to feel that this is a
European version of FISA 'improvement' act.

Merkel and Holland are politicians of a special kind. Politicians & their
intelligence thugs caught in bed conspiring with foreign agencies/corporations
against the people they represent. France quietly pushing through military
legislation authorizing spying on its citizens [1].

We should not allow governments to have any more control over the internet.
Look how much damage has already been done. Instead we need to build
decentralized systems [2] and mesh networks [3] to route around censorship and
government/corporate control.

[1] [http://www.examiner.com/article/france-overtakes-nsa-
spying-...](http://www.examiner.com/article/france-overtakes-nsa-spying-on-
own-citizens) [2] [http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-
cen...](http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-censorship-
for-good-140105/) [3] [http://openlibernet.org/](http://openlibernet.org/)

------
franzpeterfolz
Well, how does it look when Merkel is talking about the internet.

Germany has a project called DE-Mail. [https://en.wikipedia.org/wiki/De-
Mail](https://en.wikipedia.org/wiki/De-Mail)

It's a kind of E-Mail service to improve Data-Protection and get legally
binding electronic communication. So far so good.

But how is this done, and what are the impacts. At first E-Mail got a price
tag. Second, there is no End-To-End-Encryption. Third, you're legally bound if
they say this mail arrived, no matter if you even noticed or read. 4th there
are public companies involved, able to read high sensitive data sent by DE-
Mail, because there is no End-to-End communication. This companies are also
able, but not allowed, to send legally binding mails in your name. How could
you prove, you didn't sent?

This is the context, when German politicians talk about the internet. They
have no clue.

------
forgotAgain
I wonder if when all of this NSA spying was starting out in the government
offices in Washington D.C.; did anyone think about the law of unintended
consequences? Trying to spy on everyone in the world is a massive project.
Placing oneself into _everyone 's_ private lives goes beyond simple hubris.
It's megalomania.

I wonder if even now, those involved, have any idea of the nature of what
they've done and what the magnitude of the consequences are shaping up to be.

------
higherpurpose
I hope it's more like "EU" than Europe, because countries like UK seem more
than happy to sell the rest of us out. In the end the solution will be to
build trustless P2P networks, everywhere, but the only way US and US companies
will agree to allowing something like that will be if EU pushes for localized
EU networks and stuff like this to make their life too hard otherwise.

~~~
rm445
Er, the UK has been part of the European Union since 1973.

~~~
mariuolo
Cameron promised a referendum. I hope they get out for good this time.

~~~
lotsofmangos
Heh, there is absolutely no way that the Conservatives will let the UK leave
the EU. This is an empty promise to try and stop their grassroots voting UKIP.

The thing it, while many of the people who vote Tory want the UK to leave
Europe, the people who actually fund the Conservative party make a lot of
money from being part of the EU. The disconnect between the voters and the
funders of the Conservative Party has been a defining feature of theirs for
decades.

This is why mentioning Europe is so destructive for them, because they have to
stay in Europe, but cannot publicly admit that.

~~~
Silhouette
_Heh, there is absolutely no way that the Conservatives will let the UK leave
the EU. This is an empty promise to try and stop their grassroots voting
UKIP._

There will be a certain irony if the Conservatives lose out at the next
general election because UKIP divides their vote and something between a
Labour landslide and a Labour-Lib Dem coalition happens... because of the AV
voting reforms that the Conservatives heavily opposed a couple of years ago.

------
lhm
This looks rather clueless, I think. As others have mentioned, the problem
isn't so much in the interconnects, but more with the services being used. But
there isn't going to come a new Facebook or Google out of Berlin - or anywhere
else for that matter.

What would be helpful would be decentralized services that match the user
experience of the existing ones. But that kind of innovation isn't what's
going to be discussed here, I'm afraid. On the contrary, such eavesdropping-
safe technology would be viewed very conspicuously by the non-tech savy
politicians in Europe and other places.

~~~
Silhouette
_But there isn 't going to come a new Facebook or Google out of Berlin_

That is, in part, because the kinds of privacy invasion those two
organisations routinely conduct would probably have been challenged earlier
and more aggressively if they had been within European jurisdiction, and
particularly within Germany.

This is a feature, not a bug.

------
kmfrk
As a symbolic show of good faith, let's start by doing away with the cookie
disclaimers.

------
junto
While I welcome the initative, I think this a case of sky hooks and tartan
paint.

I also find it highly amusing that based on her comments she suggests that the
UK is considered to be outside Europe.

~~~
The_Double
Based on the UK's actions they consider themself the same.

EG. Hacking Belgacom to to snoop on the EU.

~~~
Silhouette
It's helpful to distinguish between the country, its general population, and
the actions of certain parts of its government in these kinds of discussions.
The average citizen in the UK no more knew about, supported or condoned a lot
of the recently disclosed intelligence-related activities than the average US
citizen knew about, supported or condoned the recently disclosed behaviour of
the NSA. If anything, I suspect there is a lot more latent resentment of these
government behaviours in the UK, because we don't as a rule exhibit the same
kind of patriotic fervour that significant parts of the US population do when
it comes to military/intelligence matters.

------
facepalm
Does that even make any sense?

Would they force European users to not use GMail? Or force GMail to create a
European branch?

I don't think governments prescribing what services to use is a good idea...

------
joesmo
What part of the idea that data does not have to pass through the united
states does she not get? Apparently all of it.

------
starxidas
Don't give your data to US. Give it to Germany!!

