
It's odd, I hear people saying, "no big deal, nothing will change." But then I wonder, if you're saying it's no big deal, are you an American or not?

The point of this post is that foreign business will be affected, AFAICT, Europeans have always held the Internet to a stricter standard than Americans and have passed stricter laws around everything from what data can be retained to the behaviour of tracking cookies.

If you've posted a "no big deal" comment, can you please go back and tell us whether you are an American or not.



It's not just about what people think. It's also whether they think hosting stuff on US servers is even legal.

I can imagine the Pirate Party suing some EU groups (governments, companies, whatever) because they are using US providers, and the US is not safe enough to conform with EU privacy law. And there's money on the line too, lots of EU companies will want the contracts that are going to US ones. And keeping jobs onshore is always popular with the masses.


I think it's a big deal. I'm not American. I don't think things will change - at first.

The leading US internet companies are all built on a foundation of trust. Undermining that trust counterbalances the convenience of their services and over time new competitors without these trust problems are only a click away.


I don't think it's the kind of thing that affects things commercially in a visible or predictable way. One of my first impressions is that it's humbling. Web companies are the ones that brag the most about "building a better world" and this time there was collaboration to make it worse. I think the best or biggest change that could happen is better Whistleblower laws and protection (or high level of exposure to produce more).


I think it will change things; I'm an American. Having your customers' trust is important for business---now data stored offshore has just become a feature.


I'm an American, and I think things will change - for the worse. I'd like to think that if morality or the Constitution didn't stop this shit, at least bidness would.

But I think what will really happen is that the administration, and the bureaucrats, and the security "services" in general will double down, be much more secretive about what they do, be much better at what they do (grants coming soon to a computer science department near you), be much more aggressive to prosecute and intimidate whistle blowers, and put more layers on the stonewall of denial.

The government has become self aware.


Your last line is a really interesting one. Most governments probably are to some extent self aware, insofar as there's an executive branch. But I think the self awareness you are referring to is a kind of secretive adaption of sorts, where the response is not necessarily aligned with the public interest, but with the interest of those in power (to stay in power).


Exactly.


On consumers I would not expect much change to any other non-US service that keeps you invested and locked-in. There simply are no alternatives, some European services are currently shutting down.

Even Schneier is stating that if you aren't connected with US social media, you simply cease to exist for certain groups of people. That rule applies to nearly every European user too.


> The point of this post is that foreign business will be affected, AFAICT, Europeans have always held the Internet to a stricter standard than Americans and have passed stricter laws around everything from what data can be retained to the behaviour of tracking cookies.

I run businesses in the UK that deal with personal data and sometimes use US companies to do so.

There is a specific provision intended to fix the problem of exporting personal data outside the EEA to be processed in the US, which would otherwise be prohibited because US laws are inadequate in this area: the US Department of Commerce operates a Safe Harbor scheme, recognised by the European authorities, which US businesses can participate in to demonstrate that they handle data with sufficient care to satisfy European standards.

The problem is that if the US government is going to permit itself to access data contrary to the claimed protections anyway, then the Safe Harbor scheme is demonstrably unfit for purpose, and any legal shield it provides to European businesses that want to use US-based services to process personal data is in doubt.

This problem is hardly a new discovery, but until recently, the issue was being dealt with quietly, with European officials making occasional mutterings about being in contact with the US government to resolve the conflict here. As of the past week, I'm not sure that's going to carry much weight any more.

This leaves a paradoxical position for any business wanting to operate legally in both the US and Europe. It's not clear whether the huge players like Google or Facebook could avoid the problem by changing their corporate structures, if doing so means that a parent organisation in the US would not be required to disclose personal data held and processed only in Europe by a separate European legal entity under European data protection law. In practice, this might be worse news for US businesses that aren't yet big enough to play the corporate structures lottery, and for those European companies who benefit from services provided by such companies and might have to make other plans. Obviously quite a few smaller Internet services well known on HN would fall into that category.

If you'd asked me a year ago how the paradox would be resolved, I would probably have cynically suggested that the EU authorities would ask how high when the US authorities told them to jump, as they have done previously with things like travel and banking data. But now that this has become a major public issue that people are actually talking about, any attempt to do that seems likely to turn out very badly for European authorities whose popularity is already at an all-time low. I suspect far more Europeans resent the constant privacy intrusions and security theatre of modern life than many across the Atlantic may realise, probably because the consequences of excessive state surveillance are still within living memory in many European countries, and because all around the Med we've been watching timely reminders playing out over the past 2-3 years.


Europeans tend to have higher standards for protecting the privacy of the personal data of their citizens from access and use by private corporations.

But what the U.S. NSA is doing is sifting data for connections to foreigners who are suspected of being terrorists. I would be shocked if Euro intelligence agencies are not doing the same thing.


"Everybody's doing it!" isn't really a good excuse once you turn about 12 years old.


I'm not making an excuse. If the theory is that folks will pull out of U.S.-based cloud services, then the question is, where would they go instead?

The U.S. data-mining program has been revealed. I would not assume the lack of revelations from other nations is definitive proof that those nations aren't doing similar things. In the absence of data it is very easy to make convenient assumptions.


True.

The old rules still apply. If you can't afford someone else to know something, you have to encrypt it in motion and at rest.


>But what the U.S. NSA is doing is sifting data for connections to foreigners who are suspected of being terrorists.

Demonstrably false. All of the terrorist laws are mostly used for drug enforcement and the like. They get nearly no terrorist usage because there are nearly no terrorists.


At least Sweden is publicly and legally doing it: https://en.wikipedia.org/wiki/FRA_law


At least Sweden is openly telling that FRA is allowed to legally monitor all international network traffic.


I'm Brazilian and in the corporate and government space there is considerable resistance to hosting systems and data outside our jurisdiction. What I don't think people have fully realized yet is that American companies are subject to the Patriot Act wherever they operate, so even data stored in Brazil might be exported by them to USA authorities without the customers being notified. I ask myself, how far does this extend? Not only to online services, but even to mainframes and storage systems? Application software? Operating systems?


> It's odd, I hear people saying, "no big deal, nothing will change." But then I wonder, if you're saying it's no big deal, are you an American or not?

There is a fear of having guns taken, but there is an even greater fear of using them against the regime.




