
Did Obama Just Destroy the U.S. Internet Industry? - lukejduncan
https://www.linkedin.com/today/post/article/20130609225334-16549-did-obama-just-destroy-the-u-s-internet-industry?_mSplash=1
======
zmmmmm
One of the rather interesting side issues in this whole debate has been how
casually the rights of foreigners are tossed aside as secondary to those of
american citizens. There is intense debate about whether US citizens rights
are being violated, but almost nobody questions whether there's any moral or
ethical issue with completely unrestrained spying on everybody else.

While I understand that this is largely because the legality of the spying
hinges on whether US citizens are subject to it, I still find it a rather
fascinating aspect.

~~~
siculars
Does anyone know how these companies, et al., actually differentiate US
Citizens from Non-US Citizens? I don't remember clicking the "I'm a US Citizen
box" on any website.

~~~
joering2
> Does anyone know how these companies, et al., actually differentiate US
> Citizens from Non-US Citizens? I don't remember clicking the "I'm a US
> Citizen box" on any website.

I think you were just trolling but if not then one of hundreds possible ways
to find that:

1\. get a hold of your your email (or name and then facebook / gmail snoop)

2\. your email leads to your paypal account

3\. your paypal account leads to your dob and ssn, bank accounts

4\. your banks accounts hold information whether you are citizen or not;

\- OR -

4\. your ssn codification tells whether by the time obtaining the number you
were citizen or not

PayPal, Facebook and Palantr has the same co-owner, P. Thiel.

But seriously I don't think they discriminate. Last thing they look at is
whether you are citizen or not. Your IPs (all the one you ever used while
login to any website you have an account with) can quickly tell them whether
you are on US soil or not. Most likely as long as you are here, you are
consider us citizen, whether lawfully or not but you "operate" on US soil so
the same rules apply to you. Good example would be if you are in US as a
tourist -- you still need to obey US laws and regulations.

~~~
denis1
Doesn't this mean that they are spying on you without actually knowing if you
are a US citizen? By your logic, only after step 4 they actually know if you
are a citizen, but they have collected a lot of data about you in steps 1-3.

------
jval
This is a huge deal. I live in Australia and I have been running businesses on
the cloud for the last 3 years or so. I have rarely heard the issue of the
PATRIOT Act raised and in spite of there being laws banning the transfer of
personal data outside Australia, most people are quite lax about the issue and
take the view that the risks are too small to be counted.

Those days are most certainly over. This stuff will affect companies like AWS
and Rackspace the most, given that they are competing for contracts with
companies who are seriously concerned about who can get at their data. I
imagine nobody will flaunt the laws in Australia regarding international data
transfers in future, and that countries where no such laws exist will enact
some very quickly.

Any cloud based software company in the US which holds large amounts of data
that could in any way be deemed to be sensitive is going to have a much harder
time pitching to clients overseas who will increasingly opt for a decent local
alternative over a foreign one should the option exist. The only thing that
American companies can hope for otherwise is that there is no foreign
alternative.

The world is not going to come to an end but for a lot of people, their jobs
are about to get much harder and the government should be worried about this.

~~~
einhverfr
My latest startup is Efficito (a Limited Company, registered in the UK). The
web site is [http://www.efficito.com](http://www.efficito.com) and our servers
are all in Europe. We have built the service up with a very careful eye for
security (why we are going hosted cloud first, and multi-tenant is still in
the works).

You have just given me what I think is a very good possibility regarding a
marketing message, namely that we are not subject to NSA orders, and that we
take security extraordinarily seriously. We are still looking into whole disk
encryption for virtual instances, but key management is a non-trivial problem
there to get right. For those who want it I can be pretty sure we'd be happy
to work with you to find a way of making the system meet your needs. (Of
course given a few customers, we could work with a server in Australia too.)

But I also think it goes beyond shipping the data overseas. Suppose you do
business with an American company that has servers in Australia (for the
record we are registered in the UK, not the US), and they get a FISA warrant?
Of course they will send the info over. So you can't only look at where the
business's servers are but also where what legal authorities they are
obviously subject to.

~~~
dmix
The UK has quite a strong military sector with their own secret agencies and a
strong relationship with America.

Could that make them capable of similar monitoring? Does the UK have stronger
information privacy laws that the US doesn't?

~~~
einhverfr
The laws are build on different principles making them somewhat different.
However, one of the things that we pay a lot of attention to is security
resilience. The question is, "what has to be compromised before your data is
compromised? and is there a way to detect it?" The storage is still something
we are working on but you can believe it is a design goal.

The EU has very different approaches again to privacy law. I don't know you
can compare them. They tend to be more lax with collection and stronger with
use.

However, we can also help you install the software (open source, reviewed by
developers all over the world) on your premises if you would prefer. So our
best shot is only for those who really want to cloud host.

------
raganwald
It's odd, I hear people saying, "no big deal, nothing will change." But then I
wonder, if you're saying it's no big deal, are you an American or not?

The point of this pst is that foreign business will be affected, AFAICT,
Europeans have always held the Internet to a stricter standard than Americans
and have passed stricter laws around everything from what data can be retained
to the behaviour of tracking cookies.

If you've posted a "no big deal" comment, can you please go back and tell us
whether you are an American or not.

~~~
snowwrestler
Europeans tend to have higher standards for protecting the privacy of the
personal data of their citizens from access and use by private corporations.

But what the U.S. NSA is doing is sifting data for connections to foreigners
who are suspected of being terrorists. I would be shocked if Euro intelligence
agencies are not doing the same thing.

~~~
jacques_chester
"Everybody's doing it!" isn't really a good excuse once you turn about 12
years old.

~~~
snowwrestler
I'm not making an excuse. If the theory is that folks will pull out of
U.S.-based cloud services, then the question is, where would they go instead?

The U.S. data-mining program has been revealed. I would not assume the lack of
revelations from other nations is definitive proof that those nations aren't
doing similar things. In the absence of data it is very easy to make
convenient assumptions.

~~~
jacques_chester
True.

The old rules still apply. If you can't afford someone else to know something,
you have to encrypt it in motion and at rest.

------
ritchiea
One biggie that the author left out of the piece:

The US Gov continues to insist that they are not monitoring the data of US
citizens because that would be unconstitutional without warrants. But that's a
tacit admission that they are openly monitoring the data of non-US citizens. I
think this is one of the most important revelations of this leak, the US Gov
has made it clear that if you are a non US citizen using a web service based
in the US your data is definitely under observation.

~~~
jacques_chester
They'll be doing something like the old Echelon trick.

US spy agencies can't spy on Americans, so they spy on Australians, Canadians
and Britons. In return, Australians spy on Americans, Britons on Canadians etc
etc. Then they swap intelligence and get to claim that "we didn't spy, it was
given to us by our allies who are under no such regulations".

~~~
einhverfr
There's still a major limit there. The issue of the Verizon and PRISM systems
is that they probably involve the possibility at least of legal authority over
the vendors. Court orders or possibilities of court orders....

If the NSA is spying on Australians clandestinely, then they don't have that
authority and they are limited to what they can scavange. It would be _far
better_ if we were to a point where no courts would coerce cooperation of this
sort, and the system you are describing is better than what we have. The
problem is when the NSA gets a court to forcibly deputize an American business
to spy on Australians, and that's a very, very different problem.

------
decasteve
I'm Canadian. I'll be locking down my communications as best I can: email
(GPG), instant messaging, chat, etc. I'd like to see my American neighbours do
the same and hold their politicians feet the fire over this.

I feel like I should boycott the US companies on the list, at least to some
degree. I have made the switch to DuckDuckGo and Mozilla. A Blackberry, as
opposed to Android, will be my next smartphone. As a developer I'll be
dropping my iOS support in the coming weeks. I haven't used a Microsoft
product, including Skype, in a long time (exclusively Linux). I will likely
phase out Google Drive and Gmail as well.

Not sure how many of my compatriots will follow suit or if that will have an
impact financially.

There are lots of recommendations out there now to lock-down your browser,
e.g. adblock/https/etc, if you haven't already. If this becomes mainstream
then advertisers like Google may take a hit.

I'll be emailing my member of parliament (MP) to make sure we keep tabs on
this in Canada, and keep our privacy laws intact.

~~~
devb
How do you plan on telling everyone you communicate with, "I'm sorry, this
channel is unencrypted, this conversation cannot continue."

Why aren't companies scrambling to provide a plug-in encryption product?
Forget Google's default https, I want easy end user encryption.

------
purephase
Nothing will change.

If you think that those involved were not prepared for the eventually of a
leak, you'd be very naive. The fact that all of these companies have been
sitting on boilerplate denial statements speaks volumes. Contingency plans
have been put in place for this eventuality and the people making these plans
are experts at dealing with these situations.

My guess is that the gameplan for the US government will be to stay silent and
wait for general apathy to sink back in. Tomorrow is WWDC and, with the latest
Apple news, the tech community rally will likely fall to 2-3 page in a week or
so and then disappear altogether. Once that happens, the difficulty moving to
alternate services (as per the other HN poll) will shadow everything, and the
company bottom lines will be unaffected.

Add to that, if you believe that the US government and institutions are the
only ones doing this, that would be even more naive. The Mossad, SIS, CSIS,
KGB etc. are likely implementing very similar policies and procedures, if not
directly involved with PRISM (or whatever it is actually called) and the
outsourcing companies providing it. The likelihood of finding other
territorial based services with capability, scale in an area not under
surveillance is probably close to impossible.

The Arab Spring was a wake-up call to all governments/multi-nationals that
these tools are power in the hands of the general public and steps were taken
to mitigate and reduce this effectiveness.

It's depressing. I wish it were otherwise. I wish the companies involved
actually had the ability to push back or outright deny involvement in these
types of actions, but I suspect their hands were tied.

Silicon Valley is entrenched. We like to think that it is still our playground
but we should know better. My only hope is that this time we learn and that
brighter people than I figure out what we can do about it.

~~~
danilocampos
> The fact that all of these companies have been sitting on boilerplate denial
> statements speaks volumes.

Can you show your work on this? How would we know this?

~~~
obstacle1
A bunch of people compared ~9 of the companies' statements in a past thread.
They are all identical in structure, form, and style, with only minor
differences like differing adjectives and emphases. They all also beat the
exact same terminology to death. Namely, "direct access".

------
eksith
No, because only those who were on the fence were swayed either way. As of
right now, the Poll on how the HN community will respond (
[https://news.ycombinator.com/item?id=5846564](https://news.ycombinator.com/item?id=5846564)
) is at :

    
    
      No, I'm ok with it								66 
      
      I'd like to do something but it's too difficult to avoid using cloud services	195 
      
      I'm going to try to use services from non-US companies hosted outside the US	99 
      
      I'm only going to use services that allow client side encryption.		37
      
      I'm going to host all my own services. 					47 
      
      I'm not changing anything because I already assumed all of my data was being 
      monitored anyway.                                                             151
    

A quick glance at what the rest of the public is thinking is quite
illuminating as well.

[http://www.csmonitor.com/USA/DC-Decoder/2013/0609/How-do-
Ame...](http://www.csmonitor.com/USA/DC-Decoder/2013/0609/How-do-Americans-
feel-about-NSA-surveillance-Ambivalent)

Summary: People think in terms of "Privacy is a bit like oil. It's getting
pricey, but I still like my SUV."

If anything, it may give a much needed boost to an existing sector of internet
industry, privacy and security. I see several companies springing up (some
already have) that delivery end-to-end encrypted communication and storage
over different media (of course, there would be plenty of Snake Oil as well).

The real frontier of communication is the transmission of anonymized and
encrypted data with services bought and paid for anonymously as well with no
repercussions for the service providers.

~~~
raganwald
_" Privacy is a bit like oil. It's getting pricey, but I still like my SUV."_

You do know that outside of the US, there are lots of people who don't drive
SUVs because of the price of oil?

~~~
eksith
Not having being born in the U.S. and still having family in several
countries, Yes, I do.

The implication is that U.S. Internet Industry is somehow "destroyed" as a
result of this is hyperbole. If anything, all it did was give hope to those
outside the U.S. that there's still a viable market for the same cloud
services (sans FISA leash) even in smaller scales.

------
runn1ng
No.

Because most people don't care about privacy that much. See TSA scanners,
foursquare, hell GMail scans your data everytime you read mails, Facebook
doesn't even pretend there is a privacy. Damn, first thing any Apple computer
do is taking your picture, getting your details and sending it all to
Cupertino, before you even load the OS. Android tries to track all your phones
under one account you have to add before starting up.

People don't really care about privacy. (Disclaimer: I am no better.)

There will be some anti NSA rallies, sure. Photos of those rallies will be
geotagged with EXIF data and posted on tumblr, facebook and twitter from
iphones and androids.

~~~
coopdog
I don't care about privacy for my personal (not corporate) information from
Google. The worst they can do is disconnect me, and I can always leave them.

I do care about that an organisation with the power to legally kill or
imprison me without trial, with the world's strongest military and a penchant
for punishing anyone who embarasses them has all of my data, including who I
associate with, what I say and whereever I go. In fact not just my data, the
data of their political opponents and the journalists that keep the system
honest.

If not Obama, someone at the head of the table is going to abuse this
information one day.

~~~
rayiner
> The worst they can do is disconnect me, and I can always leave them.

No, the worst thing that Google,[1] can do is share that information with
credit card companies, HR departments, health insurance companies, etc, who do
have the power to ruin your life and are much more likely to do it than the
government.

What happens when the advertising money hits the wall and can't support
revenue growth sufficient to keep the Wall Street analysts happy? At some
point some MBA is going to figure out that HR departments would love to be
notified about e.g. their employees joining say a cancer support page. It
sounds inconceivable today, but I bet people who started using credit cards in
the 1960's and 1970's never expected that one day the various credit
organizations would band together and sell your information to literally
everyone, so that you could be denied a job because of your credit history.

I think it's important to keep some perspective, and I feel like people on HN
aren't doing that here when they direct all their blame to the government over
this issue and hold Google, Facebook, etc, who created this surveillance
apparatus, blameless. Corporate America is much more likely to screw you over
than the government. They have a profit motive to do so, and can get away with
screwing you over on a mass scale in a way the government cannot. I don't know
a single person who has been screwed over by the government. I do know people
who have been screwed over by credit ratings agencies, having job offers
revoked because they struggled financially in college.

Maybe it's not inevitable or even very likely that Google and Facebook will
sell your information to the highest bidder. But it's a failure of imagination
not to pretend that it isn't possible, and if we're going to engage in
slippery slope reasoning with respect to the NSA, let's be intellectually
honest and admit that we've built a vast surveillance apparatus in both the
public and the private sector, and there are numerous entities within both
sectors who have the ability and perhaps the motive to use that information to
hurt you.

[1] Or Facebook or whatever. It doesn't matter. One day these companies will
become mature and will be headed by some MBA who has never written a line of
code...

~~~
danenania
Collusion among private corporations is scary, but it's not as scary as
totalitarianism, mass imprisonment, and genocide. The precedents set for what
governments end up doing once they get their hands on this level of social
control are very bleak.

~~~
rayiner
The amount you should reasonably be worried about something happening is the
probability of the event multiplied by how bad that event would be. Government
gone totally off the rails would be much worse, of course, but corporations
going off the rails is much more likely.

How many liberal democracies can you point to that have gone the way of
totalitarianism, mass imprisonment, and genocide? I don't see a lot of
examples around. Yet I can look around and see tons of examples of
corporations doing evil things with your information (health insurance
companies dropping coverage when you get sick, credit card companies sharing
credit history for any purpose other than setting interest rates, etc).

I think things you can see examples of every day are generally much more
worthy of your worry. Or at the very least, it's not rational to be so worried
about government surveillance while giving a free pass to the companies
creating a surveillance apparatus that can be abused by corporations.

~~~
sdkmvx
> How many liberal democracies can you point to that have gone the way of
> totalitarianism, mass imprisonment, and genocide?

How many 200 year old liberal democracies can you point to? There's no
historical data to look at. This history of the United States itself is an
indicator that democracy is self-defeating. Compare the amount of classical
liberalism in 1800 and 2000. Whether that can continue past the middle and
into full-blown totalitarianism is untested.

> It's not rational to be so worried about government surveillance while
> giving a free pass to the companies creating a surveillance apparatus that
> can be abused by corporations.

It's also not rational to give the government a free pass. Don't think that
companies can collude with each other. The government can also collude with
companies, as PRISM indicates that they have been doing.

~~~
rayiner
> Compare the amount of classical liberalism in 1800 and 2000. Whether that
> can continue past the middle and into full-blown totalitarianism is
> untested.

You mean in 1800 when the Alien and Sedition Acts were in force and the
government didn't even have to come up with some pretense and prosecuted and
convicted people directly for what they said in the press? I don't think the
U.S. circa 2000 suffers for that comparison! If you want to talk about which
is a more free society, the U.S. in 1800 or the U.S. in 2000, you also can't
leave women and blacks (combined more than 50% of the population!) out of the
equation...

It's ahistorical to pretend that the U.S. has only gotten less free over time.
Vis-a-vis "classical liberalism" the government claimed the power to regulate
all interstate commerce in 1824--the only difference today is that you can't
even buy a candy bar at a vending machine without engaging in an interstate
commercial transaction. If you live today the way the vast majority of the
population lived in 1800 (on a farm growing food for your own consumption and
sewing your own clothes, etc), you'd probably find that government doesn't
reach your activities appreciably more today than it did 200 years ago.

It's also ahistorical to pretend that our rights are universally weaker than
they were in 1800. Remember, at that time, the Bill of Rights did not apply to
the states. The liberal Supreme Courts of the 1960's and 1970's dramatically
strengthened due process rights and habeas rights relative to what they were
before. First Amendment rights are dramatically stronger than they were in
1800 (the "obscenity" exception to the 1st amendment has been whittled down to
pretty much just child porn).

Now, I won't say the U.S. is the freest its ever been. When you take into
account the experience of all Americans (not just rich white males), the
freest the U.S. has ever been was probably the mid 1990's. But, it's been
worse before. It was worse under the Alien and Sedition Acts. It was worse
under Lincoln who governed under borderline martial law. It was worse under
McCarthy. From an economic rights point of view--the country was far more
regulated in 1935-1970 (vast swaths of the economy, everything from
transportation to telecommunication, was deregulated from 1970-1990).

The idea that the trajectory of the U.S. has inexorably been in the direction
of less freedom is nothing more than looking at the past with rose-colored
glasses. It's not a perspective rooted in historical truth.

------
etherael
Another data point, I have used a ton of cloud services from US companies in
the past with an attitude of not really being comfortable with it based on a
belief that something like what was discovered was probably happening but it
was just too damned convenient and easy to ignore.

I still made efforts to secure what mattered, like truecrypt containers on
dropbox et al, but at the end of the day I just shouldn't have played the game
at all. Lending economic support to this kind of behaviour is not acceptable.

I'm conflicted about this because I'm convinced that generally speaking,
Dropbox and Google and various other companies that have no other choice than
to behave in this way are otherwise really worth supporting.

I am as we speak setting up dedicated hosting with encrypted storage and
obfuscated service paths to migrate all my existing services onto something I
can reliably control, starting with gmail and dropbox.

I really should have just done this a long time ago, but it becoming
abundantly clear that my suspicions were completely justified pushed me over
the edge.

------
kjackson2012
Is it true that Google does not protect the rights of non-US users from having
their emails read and copied by the NSA?

If that is the case, then why would any foreigner ever use Gmail, Yahoo mail,
Hotmail, etc?

~~~
Ziomislaw
because they are uninformed

------
parennoob
I'm not sure how common this is on this site, but I happen to be an HN reader
the vast majority of whose friends in the US and across the world don't know
or follow technology/security stuff.

Out of my 600-odd 'friends' on Facebook, one (1) is posting stuff about the
NSA allegations. The other 599, are posting pictures of cats, music videos,
snaps from vacation, reflections about life, et cetera. I myself am extremely
reticent about posting on Facebook due to the recent revelations.

As a result, I am afraid Edward Snowdon's fears might come to pass, atleast in
the short run. Not enough people care. They crave the short-term dopamine
bursts that result from people liking their posts, or pictures, or videos.
Getting them to set that aside and care about the fact that the Government
might potentially have access to it all is a very, very hard task.

In order to do this, you have to get people to switch en masse to new, secure
social protocols. In short, you have to build a Facebook alternative, an
client-side encrypted webmail service, or a document sharing site that
JustWorks, is secure, and doesn't require any terminal commands to access /
run. Otherwise the majority of the population is going to use products from
Microsoft, Facebook, and Google. You can use your encrypted webmail and
identi.ca, but very few people outside the "tech-aware" world will communicate
with you.

~~~
noerps
I really concur and like to add there are now one or two generations of young
adults and their kids out there, who have never even considered privacy (as in
non-exhibitionism).

------
DominikR
It is sad for me to see the course that the US and the European governments
have taken in the recent years.

My company (a small european provider of mobile telephony and chat) has to
store all traffic that is going over our service during the last six months
for the government, which may request that data. They didn't yet try to get
that data in bulk, but I am pretty sure that we will see that happen in the
near future. And there will be nothing that we can do about it as a small
company if we want to stay in business and out of prison.

I believe that at some point this will harm IT business, which hopefully will
also cause the government to rethink their strategy, but I am afraid of how
far they will have to go before they come to this realization.

In 1998 (as a 17 year old boy) I was able to board a plane in London to Vienna
without passport. (because I've lost it during my trip) Today I have to give
fingerprints and other biometric data like a criminal just to get a new
passport. Tomorrow maybe it will be a standard procedure that robots do a body
cavity search on me before boarding a plane.

It is funny that I, as a tech enthusiast, am hoping that I wont see the kind
of progress in robotics during my lifespan, that enables them to do anal
probing at scale in airports.

------
einhverfr
I am an American and I just want to point out that my latest startup
([http://www.efficito.com](http://www.efficito.com)) is a Limited UK company,
and my co-founder is from the Netherlands. It would certainly be to my
advantage if things change. We offer cloud-based ERP, and you might be
interested to know our main hosting server is currently in the Czech Republic.
We are also paranoid about security (all access is encrtpted, and we are
looking at encrypted storage for virtual machines, and much more).

I would love for things to change. I really would. What I worry though is
about attention span of even decision makers on the business side, and what
the alternatives are. The ideal situation would be a bunch of smaller private
social networks able to interop (the Diaspora model) but it isn't clear there
is a financial way to make this work.

So I hope it changes. I really do. I just am somewhat pessimistic :-P

~~~
buro9
I'm a UK citizen with a startup [http://microco.sm](http://microco.sm) that
has gone to some lengths to avoid US domains, companies and laws.

All of our domains are EU based, the company is UK based, and whilst we've
used Linode for blog and basic site-hosting and will use Cloudflare for CDN,
we are putting nothing on the server of a US company that could be a risk to
privacy.

All of our data we are keeping within the EU which we feel holds much better
standards and has stricter laws on data protection, and for user-generated
content we feel that the EU E-commerce Act is better than the DMCA and risk
created by the copyright lobby in the US.

Ultimately what this means is that for our core data and API, European
companies with no US parent or holding company will win our hosting business.

We will still use US companies, but in a way that is little more than
transport and performance increases for US-based users. But even then, we are
not requiring real identity and we are implementing SSL everywhere and are
happy if users use VPNs or Tor to connect.

Why all the fuss? I believe that through a persons' interests one can
determine political affiliation. So I believe that to allow people to organise
themselves freely around their hobbies and pastimes, that we must consider
this and protect them from any entities that might use that information
against the individuals. Further I believe that when people of shared interest
come together that they are likely to organise to protect and preserve that
interest, and this means that interest groups galvanise ad-hoc lobby groups
and activists.

I also hope it changes, but I'm going to act as if I believe it will get worse
on all fronts.

~~~
blibble
you'll be putting all your traffic through cloudflare?

if they do your SSL termination that makes all your careful US-avoidance
completely redundant.

additionally, if you include some JS hosted on cloudflare, then that's
susceptible to being tapped by the US intelligence agencies too.

~~~
buro9
No, I'll be putting _some_ of my traffic through Cloudflare as we use several
domain names, and each for a specific purpose.

~~~
blibble
also if they want to intercept a few of your high profile users, the fact
you're using SSL really isn't going to stop them, when they can issue valid
certs for your domain without asking you.

short of SSL pinning being widely deployed: you're powerless to stop them, and
while it's an admirable goal, it's ultimately disingenuous to suggest that you
can safeguard your user's privacy.

~~~
buro9
I'm not suggesting that I can safeguard user privacy, but doing something is
better than doing nothing, and certainly I can do what I am able to.
Ultimately the user is far more likely to give up their privacy by posting
identifiable information online, and through graph analysis revealing their
associates too.

What I can do though is: Leave the core data in Europe, not store anything
that I do not need to offer the service (and I don't need your real identity),
educate users and encourage the use of Tor and VPNs, implement what measures I
can do protect users (SSL).

------
brown9-2
The author is guilty of thinking that the president is King, as if the entire
federal government and all three branches weren't behind these things for that
past 7 years.

~~~
JamisonM
The headline "Has the US Government's History of Acting Against its own Stated
Values in the Protection of Civil Liberties and Privacy" is not nearly punchy
enough to attract the desired clicks though.

The window ain't just 7 years, it stretches a lot further back than that.

------
kcorbitt
I don't think it will have that big an impact.

The thing is that the grassroots organizers in other countries who care most
about government spying tend to live in countries with much _more_ meddling
than that which the US government has demonstrated through PRISM. So compared
to a locally-run service, keeping data in the US cloud is likely still much
safer. I don't see Google handing over an activist's email logs to the Turkish
government, whereas an email service based in Turkey could be strongarmed into
it.

A legitimate, non-rhetorical question: does an activist in Turkey care whether
the US government reads his/her emails, as long as they don't share them with
Turkey?

------
shirro
I think most people with some technical savvy have already concluded that
everything on the Internet is potentially subject to surveillance, both
government and corporate. You can mitigate the impact on your privacy to some
extent by going offline or using crypto but not totally. People need to choose
what to share, when and with whom. The people who are loudly shouting on
social media about the evils of government interception are still shouting on
social media where everything they have ever said or done is able to be mined
and analysed. Nothing really has changed except perhaps the perceptions of the
naive.

------
starchitect
The biggest problem with this article is that the only competitors the author
can find who might supplant the US ones are located in China. Don't see US
tech hegemony fading anytime soon, Prism or no Prism.

------
caycep
Not sure about Obama, but maybe Snowden did just for the timing and the
linking in the public mind with these companies. For those who've been keeping
track of this, this isn't all that entirely new - I mean articles going back
over the past few decades in the Washington Post, at least 3 NYT bestsellers
by James Bamford, what more do you really need in terms of "revelations"? My
general gist of it was that the NSA probably was scooping packets somehow, and
if they really wanted to get you, they could.

Somehow, this time, the story got traction. I agree w/ the general consensus
that it's about damn time. The Mil Industrial Complex will keep rolling on w/
"Top Secret-creep" and "Surveilance-creep" until a proper re-evaluation of the
Church reforms and the Patriot act and other contributory/relevant legislation
for this day and age is conducted, and enforced.

I am hoping the earlier "All wars must end" speech on the part of Obama is
hinting at a step in this direction.

Of note, it was probably worse pre-internet, when the NSA could just scoop
radio signals out of the air...networked communications made it much harder
for them - at least temporarily.

Also with SIGINT, the NSA is joined at the hip by the UK, Canada, AUS and
NZ...the NSA technically could avoid spying domestically by sending intel
requests to their counterpart agencies...

------
kailuowang
Was the industry just destroyed? That shouldn't be too hard a question to
answer. A good indication is the stock market - so far all major U.S. Internet
companies' stocks show no signs of collapsing (prices increased since the
leak). If you think the market is wrong, it's good opportunity for you to cash
in.

It's also a good indication that the rulling class is not much concerned about
this leak of PRISM at all.

------
foxylad
"destroy" is hyperbole, but it's certainly going to have a chilling effect. We
can't ignore the elephant in the room any longer - our utopian global human
internet is actually just a US government controlled plaything.

My company provides a service to the government sector in Australia, hosted on
Google's Appengine. We've been negotiating a blanket deal with a government
department, and I can see that we're going to have to answer some very hard
questions about the security of their data after this. Winning this deal would
make a ten-fold increase in hosting costs irrelevant, and I wouldn't be
surprised if they even offered to pay us more to host in Australia just for
their peace of mind.

Most of us learn as kids how asymmetrical trust is, and how once you're caught
lying no-one believes your apologies or promises to mend your ways. Before
PRISM, it was only the cynics muttering about how the US Government saw
everything we did. Post PRISM, most non-US companies (and probably many US
companies too) will be looking for neutral alternatives to US services.

And Richard Stallman... proved right yet again!

------
bifrost
I don't think he's capable of destroying it, but he's certainly set things
back quite a ways. We've known about domestic internet spying for quite some
time, but its definately gotten bigger and badder under the current
administration.

I hope people finally will stop with the "oh but nobody is looking at my
stuff" attitude, because now they know BigBrother(tm) is watching.

------
Fuxy
I doubt many people will leave American companies real soon there are just not
many good alternatives at the moment but given a choice between an American
company and say one in a more privacy oriented country that advertises its
position properly people may think twice.

Nobody seems to mention that the intelligence agencies of the world deal with
information and their not shy of selling it. Say for instance a revolution is
brewing over Facebook in a country the US would like to keep as is how likely
is it that the CIA would provide intelligence to that country to stop the
revolution?

Facebook may be a tool for revolution but it can be a tool to stop revolution
as well and the US government gets to decide which one will it be.

I'd rather they stay out of it and the only way to do that is to not use US
services.

------
nacho2sweet
I worked at a University in Canada, and we had a no USA hosted services policy
from day one of that Patriot Act. Not everyone knew about it or followed it
but if an IT department was involved in development we had to enforce it. It
was really frustrating for me a lot of times because I couldn't design new
useful solutions or suggest products like SurveyMonkey for example that would
save everyone huge amounts of time.

This is totally the kind of thing that is going to happen to a lot of
businesses now that less technical people that are higher up are aware of
these issues. They are going to get a little fearful and mandate certain
services are a no go.

------
AlexeiSadeski
A minor correction in terminology:

The US Constitution and case law makes no distinction between protections
granted to US citizens and foreigners. All are treated equally under the law,
and thusly "enjoy" the same "protections."

However, case law has determined that such protections are not granted outside
of the US's borders. Thus, an American citizen and a foreigner have equal
protection (again, in theory) when inside of US borders - and both are equally
unprotected when outside of US borders (it's a bit more complex regarding the
'outside of US borders' part, but that's the general gist).

------
kriro
Here's two high level pitches someone should go and try to validate:

"Like Google with strong data protection."

"Like Facebook with strong data protection."

Feel free to send me some of your billions later.

I think there's some outrage now but by and large most citizens don't really
care as long as there's some justification they can buy (ZOMG gotta protect us
against those terrorists). Yes it's a sad state of affairs but that's what it
is.

If I'm wrong on that the US has just created a pretty sweet incentive for
European/Other entrepreneurs to grab a good chunk of the silicon valley
business.

------
downandout
While I actually hope that the predictions in this article come true, as
people should not put their data at risk by allowing it to pass through the US
at this point, I am pessimistic that anything will change. I was sure that
seizure of overseas internet poker domains, on the basis that .com domains are
controlled by an American organization, would have been enough to drastically
reduce .com registrations. That didn't happen. People have a tendency not to
care about things until it directly smacks them in the face, and then it's too
late.

------
Smrchy
I live i Germany. And whenever we try to sell cloud-based services to our
customers there is this group of people that are not comfortable with Google,
Amazon, and Microsoft. They like to keep data in their own racks on their own
servers. The standard reply is to call it FUD and talk about all the
advantages the cloud has.

It will be a lot harder to win an argument against them now that everybody
knows that data which is stored in the U.S. is free bait for the NSA to play
with. It's no longer fear, uncertainty and doubt. It's just fear now.

------
richardw
I've been wondering about this. The U.S. will be considered the anti-
Switzerland with respect to our privacy. If you want your data safe, don't
store it in the U.S.

Next question: how are Google etc treating my data when my own government
wants to know what I say about them? Do they also bend over backwards to set
up portals for different levels of ally, or are foreign citizens safer from
their own governments than US citizens are from theirs?

------
Sami_Lehtinen
Similar actions has been affecting other businesses earlier: "Due to this,
Swedish-Finnish TeliaSonera has, as of June 5, 2008, moved their Sonera
(Finnish) e-mail servers out of Sweden, as Finnish law requires communication
to be confidential. They have also transferred Swedish customers from Finnish
to Swedish servers, to prevent Sweden-to-Sweden e-mail from crossing the
border."

------
buzu
I live in the UK and for me this is a big deal. While this issue was always in
the back of my mind, I never had concrete proof that this was happening.

Now that my fears have been answered, I shall think twice before buying any
cloud space on US companies servers. I will be speaking to my colleagues on
the effects this will on our existing data and how will this effect the trust
with our customers.

I think this is a huge deal.

------
u2328
I think 'destroyed' is a strong word, and it's still early. Damaged? That's
probably fair.

I wonder if that's a major reason the Google-centric 'The Internship' movie
kinda bombed this weekend. I mean, it might just be a crappy movie (didn't see
the reviews), but I do suspect a lot of people weren't really into seeing a
movie about Google after all this.

~~~
psbp
The average movie-goer wouldn't make the association unless the story were in
the headlines for weeks, maybe months, on end. It just doesn't look like a
great movie.

~~~
u2328
Heh, you're probably right.

------
mtgx
This is the Europeans' "big break", and they need to take advantage of it.
Hopefully they won't resolve around UK, because it's probably just as bad at
this. Maybe Germany can be the center of innovation in Europe. At least they
have some pretty strong laws and strict judges, and citizens can even create
their own laws and referendums.

------
Sami_Lehtinen
Nothing new at all, history just repeating itself. Everything mentioned in
this article was already assumed by people. I did laugh when they aid we don't
do domestic spying. I think they don't know in US how many people in the world
are living outside the all mighty US. Maybe it's just bad geography and
limited national political thinking.

------
konstruktor
While consumers may be too lazy to care, cloud providers will lose a lot of
business. You can bet that every trade magazine outside the US will have
articles discussing if it is even legal to store data with US providers given
the particular country's regulation and the information we have.

~~~
1morepassword
That's already been a common discussion for many years. The business world
outside the US is very much aware of the problem.

What we're likely to see now is article discussing how to get out of the US
cloud, because it has now shifted from a potential legal issue to a commercial
selling point.

Even clients with "nothing to hide" will start asking questions about where
the data is stored. Not so much because they're worried about the US looking
at their data, but because they want to know how well _we_ as their service
provider take care of their data.

------
xradionut
Most of the comments are concerning politics and very little are concern the
economics of smaller companies and individuals rejecting services from Amazon,
Google and Microsoft.

(Microsoft's TechEd had a big push towards Azure this last week. Their timing
sucks... Sorry about their bad luck...)

------
D9u
There went that fabled "moral high ground," right out the window.

This government wants to keep increasingly more secrets from its populace,
while simultaneously decreasing our rights to secrecy.

More of the double standard which widens the gap between "We the People" and
the ruling classes.

------
locusm
Whats interesting here in Australia is that mainstream press are largely
ignoring this story. The number one story on news.com.au right now is "How the
fabulously rich kids travel" \- cant wait to read that! The Ed Snowden story
is way down the page.

------
SideburnsOfDoom
> "American companies have overwhelmingly dominated it. They have done so with
> astonishing innovation and technical achievement. Apple, Facebook, Google,
> Microsoft, Skype..."

Skype was in no sense an American company until it was sold, first to eBay and
then to MS

------
ansimionescu
This might answer the question in the title:

[http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines](http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines)

~~~
ubernostrum
This is one of the most formulaic, most predictable comments on HN. It adds
nothing to the discussion, offers no insight into the topic, and exists only
as a cheap way to score magical internet points.

Please do not post such comments again.

------
rdl
IMO it should be a much bigger deal for totally commodity services (IMAP/SMTP,
file storage, etc.) vs. "unique" services (it's not like you could run your
own Facebook server in Iceland...)

~~~
notimetorelax
There are local social networks, to give an example from Russia: vk.com,
odnoklassniki.ru, etc. And these are more popular than Facebook.

~~~
rdl
Social networks aren't commodities, especially once your set of friends are on
them.

~~~
notimetorelax
You're right, what I meant with my comment was that for may countries Facebook
is not the only social network. Many people are active in multiple networks
and some of these social networks have no ties to the US, hence if users
outside of the US decide to move away from Facebook it won't be that hard to
do.

------
kjeldsendk
It's safe to say that if i find a real alternative to Google Apps i will be
moving a few hundred people away from Google Apps. Right now we just have to
live with the 1984 feeling.

------
gulfie
No, this sort of thing has been going on long before Obama. If anything he
will just be the one that got unlucky enough to be in charge when people found
out some of the details.

------
u2328
Hey Europeans, does this mean your love affair with Skype is over?

------
Vivtek
No, because none of these laws have been enacted in the Obama administration.

And yes, because Candidate Obama said he was going to fix things, then
discovered other priorities once in office.

------
Cardeck1
Am I the only one who sees a tech-war coming in the next 10 years?I always
suspected that as new tech arises the chances of seeing a war rises too.

------
asperous
The good news is, if we make this a big deal and companies start to feel the
pressure, we'll have millions of lobbying dollars on our side.

------
warrick
What does this have to do with Obama? Genuine question, the article doesn't
say. I thought this was a consequence of the Patriot Act.

------
Cardeck1
This is child's play compared to the information they will gather from Google
Glasses...Imagine what they could do with that...

------
Mordor
Well, it's probably illegal for the US to sell its products in the EU.
Certainly it's game over for the cloud industry.

------
timedoctor
It makes a mockery of the concept of the US being the bastion of freedom and
being an example to other countries.

------
bonchibuji
Baidu instead of Google

Renren instead of Facebook

Youku/Todou instead of Youtube

Weibo instead of Twitter

\----------------------------------

Yandex instead of Google

VK instead of Facebook

Only Beijing and Moscow saw this coming!

------
dreamfactory
I think it will impact B2B e.g. big/sensitive projects will be much less
inclined to use Skype.

------
jfoutz
Betteridge's law in action

[http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines](http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines)

~~~
jlgreco
Just for you:
[https://news.ycombinator.com/item?id=5852146](https://news.ycombinator.com/item?id=5852146)

~~~
jfoutz
That is brilliant.

I still think headlines with question marks are cowardly writing. Be bold!
Take a stand! Come right out and say Betteridge's law is bullshit.

I kinda get the socratic effect the author is going for, but i still think
it's a cheap trick. I didn't ask that question, the author did.

------
iframe
Now I'm looking for a decentralized social network

------
asldkfj234
are non us people going to stop using microsoft windows, intel cpus, vmware...
? Wouldn't it make more sense for the nsa to bug these things ?

------
Yuioup
How much of it was Bush rather than Obama?

------
qntmfred
No I don't think Obama did anything.

~~~
starchitect
How's that hole in the sand? Seeing anything good down there?

~~~
csdreamer7
Couldn't agree more.

------
petercooper
Chicken Little, is that you?

------
msaint
No.

------
1morepassword
The damage was already done well before that. Individuals may not care that
much (so Facebook is relatively safe), but businesses and governments have
already been well aware that storing their data in US-run services is a bad
idea, and in many ways not even legal because of existing privacy and security
related regulations.

If you for instance store sensitive medical data, you can't do that somewhere
where the US government may get access to it whenever they want (warrant or
not btw, unless that warrant is server to _you_ and not your service American
provider).

Many of us are looking at ways of backing out or staying out of US services
for the potential legal complications alone. This may accelerate things, but
to most it was already clear: if you have any kind of liability concerning the
data you store and process, you can't use American online services.

The question "does your product use American services?" will be asked with
increasing frequency. Also, having "no" as an answer is a good selling point
in many markets.

------
andyl
So much of internet business rides on trust. Yes, this is gonna damage the US
Internet industry.

If you're selling cloud-based services in overseas markets, your non-American
competitors just got a big helping hand.

------
ttrreeww
It is now easy for any country to ban US based technologies in order to jump
start their own tech industry.

This is the beginning of the end of the US tech industry in general.

------
taktix
Nowhere in the world can you escape from US omniscient powers nowadays, and I
can't help think this may be the prophesied New World Order (or if you're a
Christian, the "Great Abominable Church").

It's imperialism via information, and US corporations are the foot soldiers.

------
blahbl4hblah
Yeah, it was Obama. He did it by himself. He just turned his evil black man
powers on the internet industry and just blacked it all up. He did this
because he is the entire federal government.

Jesus.

