An Apology to my European IT Team (fredlybrand.com)
528 points by flybrand on June 24, 2013 | 92 comments

Hrm, I wonder what the chances are that someone at the NSA, or doing contract work for the NSA, has a buddy at a company and that person decides to use their NSA powers to get their buddy's competitor's emails from Google Apps and send those emails to their friend. If there are safeguards in place to keep this from happening, how was Snowden able to take so many documents with him when he went to Hong Kong? OK, so maybe he didn't take any of that kind of data, maybe I'm reaching. If this kind of thing did happen, would they let the affected company know? Would anyone know?

Snowden directly answers this -- he claims NSA analysts can get away with it:

http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-n... and


This is getting overlooked, but a 2009 NYT article claimed an NSA analyst looked through Bill Clinton's email out of curiosity (he was caught). I think this is very revealing.


Many government and private sector systems share these types of problems.

Think Facebook and the DMV. As controls mature around the process, trolling through the data becomes relatively easy to enforce. My understanding is that in most state DMVs, looking up the driving record of a public figure or similarly flagged individual by some clerk is immediately detected, and "curiosity" lookups on friends and family eventually get caught by audit.

There is no problem. This spying is being done for economic advantage, not to "protect us."

This information is being passed on to American corporations. This is very old news.


This kind of work isn't informal.

Economic espionage is a big part of what intelligence agencies are doing all day.


One unintended consequence of the Snowden leak is to advertise this service to US businesses. My guess is that the discreet inquiries are already winging their way towards Congressmen.


With the exception of the handful of Members on relevant intelligence committees, most Members of Congress were not aware of the massive scope of this program, or even that it existed in its current form.

Access to this type of information by a private citizen would require a hell of a lot more access than writing a big check to a Representative can get you.

Color me skeptical, but it doesn't appear that there's anything that's outside the scope of what a big check to a congressperson can get you these days. I do hope you're right, though.

I don't understand your objection. My point was that US businesses are likely to be highly aware of the possibilities of PRISM now, after the Snowden leaks. That most US congressmen weren't aware of PRISM before the Snowden leak is neither here nor there.

And while it's certainly possible that they will all simply be told to shoo (and I didn't assert otherwise), a large number of big, clouty US companies (not individuals) hinting that they would like to see some more results from PRISM aggregates to the kind of political pressure that I'm not certain Congress will simply ignore.

And here's how you can start avoiding the NSA:


The safeguards for actual analysts who use the data "officially" are probably a lot stronger than for sysadmins (like Snowden) who have access through side channels. They probably log access through the front door of the webapp and would question someone doing queries on blatantly non-work related things -- this has caught people in healthcare looking up the medical records of famous people, in the past.

They could probably still get access to a very limited number through some pretext, or with cooperation from other staff (like sysadmins or the reviewers), but it's less of a risk with NSA I think than it is with other agencies.

Exactly, except for the logging part: It would appear that either Snowden was able to circumvent the logging policies via his admin privs or they were not in place.

When I was head of an IT division within Lockheed (non-classified) I could have accessed anything - with admin accounts I was the sole owner of. I was ethically precluded from doing so...

At a company where there is "open access" with "logging the shit out of access" (e.g. Facebook) -- then this situation could arise where an arbitrary employee could access any data, assuming they had the knowledge of where to find the info they were looking for, didn't get caught and the logging was either faulty, ignored or fictitious -- or the employee used an account other than their own to avoid suspicion.

It would be interesting, actually, to understand to what deep level of privs B.A.H - as a company - was afforded to NSA data/systems/programs/etc...

One thing I am not clear on is how this employee of a 3rd party def contractor (albeit, supposedly the biggest to the NSA) was able to access information that is considered to be so deeply secret to the USG? Is this an indication that a significantly "important" program (PRISM) was, for the most part, outsourced to be run by contractors such as Snowden within BAH?

Did Snowden systematically seek out, deftly, access to information over a long period of time through the privs afforded him as a sysadmin? This to me is the most intriguing and unknown part: For how long was Snowden planning this? Was this something he truly accomplished on his own? Or was there a cast of supporting characters that we are unaware of?

If there are no supporting characters who helped him put this together - then this guy is one of the most brilliant high-school dropouts I have heard of.

If there is a cast of supporting characters were they operating as whistleblowers in support of the seemingly patriotic reveal that we have thus far seen?

Or was there a supporting cast of characters that have helped Snowden architect this whole event, masterfully - it seems, for a motive that we, the outsiders, are not yet aware of: There seem to be three possible realities if this is true:

1) Snowden plus team is a smokescreen designed to purposefully air this info to further the surveillance agenda by seeing how far the world acquiesces to it. Stir up a reaction that can result in tighter controls of liberty when protesting pops up and the USG can claim that these are all threats to our national security and these efforts are vital.

2) Snowden plus team are truly patriots and heroes and are looking to stop the furtherance of USG/tyranny over individual freedom and are airing this info to allow for an open dialogue.

3) Snowden and team really are double/triple agents and are an attack on the USG directly attempting to make the USG look bad and have the US lose face/credibility...

(I am sure there are countless other potential scenarios that the NSA/USG have mapped out... I would be REALLY interested in hearing them for consideration)


My personal opinion is simple - I am very happy this series of events has taken place as I have known of Echelon for decades - and now feel that there is 100% irrefutable proof that it is in place... what the next steps are is unclear, but I hope that it is an awakening and invigoration of people all over the world to fight to make this place a better world to live in rather than a worse one.

Snowden didn't circumvent anything, because he hasn't released anything. Snowden has made a lot of grandiose claims which he can't actually back up, because beyond a few slides and some very common knowledge stuff (NSA hacking China) which he could've outright made up he hasn't been able to show he could do any of the stuff he claims.

If you were aware of any notable hacking incidents in China, and could claim to have privileged knowledge, then it's easy to say the NSA were behind whatever you want (just in this case, obviously the NSA's mission would imply it attempts hacking of foreign networks).

PRISM is disclosed via a PowerPoint presentation. Presentation as in, a thing you tend to show to a large audience. It's highly likely he was simply given a copy of it after being shown it, since good internal education and knowledge sharing is a pretty core concept to running a successful enterprise.

> Snowden didn't circumvent anything, because he hasn't released anything.

He clearly has released top secret documents; your assertion that he "hasn't released anything" is simply untrue. If you truly feel this isn't a leak, you obviously think the top secret classification is irrelevant and disagree with the US gov. on this. Some examples of his assertions verified by documents:

    NSA keeping daily phone records for every American
    NSA receiving data from US internet companies
    GCHQ (and thus NSA) keeping 3 days complete internet traffic passing through UK
    GCHQ (and thus NSA) keeping the content of all UK text messages
Re access controls at the NSA, I find it telling that an analyst was able to look at Bill Clinton's emails and only be reprimanded afterward - if proper legal controls on each target of surveillance were in place, or even perfunctory control by supervisors, that could never have happened.

He's released - again - a powerpoint presentation. The NSA phone record stuff? That was public knowledge in 2007. The GCHQ stuff seems like it was a powerpoint presentation too - no one's claimed anything more.

It's a leak, yes. He should be prosecuted for it, yes. But it's also widely disseminated internal data by nature of being a presentation.

Everything else is him claiming to have knowledge of things, without providing specific details beyond "his word". There's no reason to think he had the powers he claims to have and he's been leaking the NSA's foreign surveillance programs in broad strokes like a sieve, but American-specific stuff? Mysteriously quiet. With equally quiet walkbacks of the claims by the Washington Post and Guardian.

He's released more than 'a PowerPoint presentation'.
QED. That's not all of course, but gives the lie to your claims.

This is not counting the thousands of documents submitted to journalists, who have only published a selection, at his insistence.

> Lie to my claims?

My question is, what has Snowden released which confirms the idea that he had the type of broad-ranging access which you claim.

Nothing you just cited confirms that: the first is Verizon phone records. Again - public knowledge since 2007 if anyone was actually paying attention.

The second and third are a warrant of the type used to request surveillance (you know, due process and all that) and a document of procedures for minimizing data on US citizens.

Both documents explicitly deal with not collecting broad-ranging data on US citizens and demonstrate oversight and limitation of the process. So again, where is the smoking gun? Where is any proof that Edward Snowden has done more than simply make a copy of a library of guidelines and procedures for NSA employees? Because nothing you just linked proves that he has anything substantive which actually proves wrongdoing, overreach, or the NSA going beyond mission parameters.

> Lie to my claims?

Some of your assertions were simply untrue - if you want people to take you seriously, don't try to distort the truth. If the documents above were common knowledge they would not be stamped 'TOP SECRET/NOFORN', he released more than the powerpoint slides, etc.

> Because nothing you just linked proves that he has anything substantive which actually proves wrongdoing, overreach, or the NSA going beyond mission parameters.

To take just this one example, I consider tracking the domestic phone records of all Americans daily to be a huge infringement of the NSA's stated mission and the privacy of hundreds of millions of Americans, which you so blithely dismiss as 'public knowledge'. YMMV on that, but frankly your arguments that this is nothing of consequence are absurd given the reaction of the US President, Congress, the NSA, foreign governments, and journalists around the world to these leaks - clearly they are important and clearly the revelations have shocked many people.

People have been throwing hyperbole around liberally in this issue, so again: PowerPoint slides or mundane documents, none of it proves what you're claiming it proves. Edward Snowden has not shown he had any of the capability or access he is claiming. The fact it's marked "Top Secret" does not prove this - confidential information is always "need-to-know" - you can have Top Secret clearance but you don't get to just go and ask for all the Top Secret documents in the archive unless you have a provable reason to have them. It was perfectly clear what I was saying; if you want to get pedantic then it's certainly too early to wildly speculate on Edward Snowden's secret NSA leaking team (as in the parent of this thread).

You may consider the phone records a huge infringement but again: this program was public knowledge. There were articles written about it. In fact it was public as early as 2006: [http://usatoday30.usatoday.com/news/washington/2006-05-10-ns...]. Edward Snowden releasing anything on it is thus mundane except for the fact Edward Snowden is doing it, and again - doesn't prove that he actually knows anything significant or had the type of access he claims to have.

Which is the point here: not what you personally find invasive, but the idea that Edward Snowden has the goldmine of data and knowledge people are wildly speculating he does, despite scant evidence in that direction.

No, you have it wrong. The rules, while explaining how to deal with data, provide loopholes to basically capture and store everybody (US citizens included). The point is that they are writing laws that should be illegal and are interpreting the PATRIOT Act in ways it was not supposed to be interpreted.


It is a very big deal and the US needs to forget about Snowden and concentrate on how to go forward.

You think this is not an intended use of the PATRIOT act? That's hilarious. The PATRIOT act explicitly creates and authorizes this monster.

If he hasn't released anything of use, why is he being charged with espionage?

Just because you failed to release interesting classified materials doesn't mean you weren't trying to. Just because you didn't kill anybody doesn't mean you don't get charged with attempted murder.

Sorry. I guess I presumed that your very first statement of "Snowden didn't circumvent anything" meant that he had nothing interesting in the first place. Which implies that he has nothing to release even if he wanted to.

So if he's charged with espionage, even if he hasn't released anything, does that mean he has circumvented something? Or that access to that information didn't actually require being circumvented in the first place?

Which of the publicized charges against Snowden deal with attempted espionage, or even an attempted release of classified materials?

According to Google "NSA powers" in their case are restricted to FISA orders, so I'm not sure how a random worker at a government contractor can produce these. Snowden was a sysadmin for a contractor and that is how he got his hands on their internal documents.

Is no one else paying attention to anything beyond the "slides" in this story?!

Aren't the NSA claiming they only need a FISA warrant if both ends of the correspondence are (reasonably believed to be) US citizens on US territory? For those of us in "the rest of the world" or any Americans corresponding with us I believe the restrictions on the NSA are "Yeah, do whatever the hell you want!"

FISA, the Foreign Intelligence Surveillance Act, only creates warrants for surveilling foreign persons. It also requires that the surveillance actively minimize data collected on US persons in the process.

It's that it covers foreign persons who are believed to be outside of the US.

The NSA is claiming that FISA warrants are required if either end is a foreigner, and that if the connection is US-US that they're not allowed to examine that conversation at all.

Seems odd that someone wouldn't have understood that even 10-15 years ago. Outsourced means being exposed to risk from your supplier -- by the company itself, by its employees, or by governments. Gmail has somewhat better technical security to protect from outside non-state hackers than your average self-hosted exchange server, and from insiders (the IT guy, like Snowden, may not have the same goals as the organization...), but that may or may not make up for the ease of serving a third-party communications service provider.

I still prefer well-run self-hosted mail unless:

* You have a <6 month retention policy (i.e. so ECPA's weaker protections are a non-issue) (which can be specified in Google Apps for Your Domain)

* You don't have the technical competence to run your own mail server (which gets complicated in a larger organization due to HR risk), or don't have the business competence to hire a contractor to run it in-house in such a way that their staff don't become a huge risk.

There's a third way which would be a lot better for everyone, but it's not technically feasible yet -- a way to outsource some aspects of the server without giving up control.

I think he understood the risks, but basically took it as fact that the US was beholden to decent privacy laws restricting access to private (and encrypted) communications like email. One of the main arguments for using Google Apps in the past is the technical level of Google's security, and protection from being hacked. But the NSA/PRISM leaks have raised a new question in people's minds, in favour of keeping things in-house or at least in your own country.

That's just it though, we've heard of stuff like ECHELON (which involved no warrants whatsoever) since years before this discussion would have taken place. ECPA dates to 1986! FISA dates to 1978! The insidiously loose interpretation on 4th Amendment controls for third-party communications dates back for centuries.

A lot of this was just a quick Google search away, and would have been just as relevant the very year GMail was introduced.

Likewise there's no theoretical reason to trust internal Google policy controls over U.S. government legal and policy controls. Even if what the author thought had been true about U.S. law actually was true, he'd still have been setting his customer up for the possibility of having their confidential data leaked (maliciously or not) or hacked into (e.g. by the always-vulnerable password reset function).

That's not just a nitpick either. There have been a couple of services at work I would have liked to set up on something like Digital Ocean, Basecamp Breeze, etc. that I can't because of PII concerns.

So while I'm sorry that the author made wrong assumptions I don't know what to tell him other than IANAL isn't just a five-letter acronym, and "due diligence" doesn't simply mean "hire a contractor to think about this for me".

FISA and ECPA made things more secure than they were previously, which is the crazy part.

It would be great to have a service that could manage your mailserver configuration, tracking reputation & avoiding spam, while not having any access at all to the data itself.

Yeah, that wouldn't be too hard to set up. You could run arbitrary services that way -- the key would be keeping configurations totally locked down, so all config edits happen through some kind of defined interface, to let the service provider do full testing. But I don't think individual mailboxes would be very likely to cause changes in testing before deploying upgrades.

You could just use the "virtual appliance" model and do virtual machine level upgrades, with data on a separate partition -- less of a hassle than testing a bunch of upgrades from smaller patches (the paranoia about breaking it is that the service provider doesn't have root, so a failed upgrade could be bad). I'd probably want encrypted backups held with the provider too, for most non sophisticated users.

Is there any way to tell if a particular email is spam, without knowing the content or the sender of said email?

Yes, but it is still very much in the research stages, not quite ready for real-world deployment:
There is a huge amount of interest among cryptography researchers and from DARPA and the NSF.

No need to go that far. The provider just pushes code to a server the user controls. The code is trusted to just do mail server with no backdoor for the service provider to get data. That code executes in an environment trusted by the data owner, so the code is allowed to see the data and process based on it.

I'm kind of tempted to do this, since we largely do this kind of thing for VPN already. Doing it with trusted execution lets the code execute on hardware owned by the service provider, but that is technically difficult and hard to prove. Just letting you run code on your own virtual machine host is a lot easier (could be a third party virtualization provider if that is what you want, but I'd at least go for colo of my own server, if not on premise.)

> I'm kind of tempted to do this, since we largely do this kind of thing for VPN already.

Take advantage of the zeitgeist, rdl.

You can look forward to at least one customer if you decide to go ahead with this. (me). :)

If all your actual email is encrypted then by definition spam is the unencrypted stuff. A long time ago in a different galaxy I built a PGP MTA (based on sendmail at the time) which only forwarded mail that was encrypted, and as expected it was spam free, although these days spammers just might go to the trouble of sending it encrypted if they thought it would get through.

I'm guessing that people who only accept encrypted mail are such a small minority, you're probably safe from most spammers if you do this.

People who target your company and employees specifically, maybe not. But even this could be made more difficult for spammers by only allowing access to your public key directory from trusted IP ranges.

It's also a great idea from the standpoint of giving an encryption policy teeth. I'm thinking of a company where the official line is "We encrypt all our email," but then some IT screwup results in having half the company sending each other cleartext email for several quarters before anybody notices.

If your mailservers reject unencrypted mail, the above scenario can't happen, because presumably people will notice when everyone's mail starts getting discarded, and it'll be fixed very quickly.
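As an added illustration of the reject-unless-encrypted MTA policy discussed above (example code written for this page, not from the thread or any project), the check below accepts a message only when its body is PGP/MIME (RFC 3156) or a single inline ASCII-armored PGP message; the sample messages, the ciphertext blobs and the policy_decision() name are all constructed for the example.

```python
"""Accept-only-encrypted mail policy: a message passes only if its body is
PGP/MIME (RFC 3156) or an inline ASCII-armored PGP message. Everything else,
including cleartext spam and messages that merely mention PGP, is rejected.
Added example for this page; the sample messages below are constructed."""
from email import message_from_string
from email.message import Message

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"


def _is_pgp_mime(msg: Message) -> bool:
    """RFC 3156 shape: multipart/encrypted with protocol application/pgp-encrypted,
    exactly two parts: a version part and the octet-stream ciphertext."""
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return False
    return (parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")


def _is_inline_armor(msg: Message) -> bool:
    """Inline PGP: a non-multipart text/plain body that consists entirely of one
    armored block. Cleartext before or after the armor fails the check, so a
    spammer cannot wrap a plaintext pitch around a decoy armor block."""
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    raw = msg.get_payload(decode=True) or b""
    body = raw.decode("ascii", errors="replace").strip()
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)


def is_pgp_encrypted(raw_message: str) -> bool:
    msg = message_from_string(raw_message)
    return _is_pgp_mime(msg) or _is_inline_armor(msg)


def policy_decision(raw_message: str) -> str:
    """What the MTA hook would return: 'accept' or 'reject'. Note that headers
    (From, Subject) stay in cleartext either way; the policy only guarantees
    that the body is opaque ciphertext the server cannot inspect."""
    return "accept" if is_pgp_encrypted(raw_message) else "reject"


# Constructed sample 1: PGP/MIME message (ciphertext blob is a placeholder).
PGP_MIME_MSG = """\
From: alice@example.org
To: bob@example.org
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMAconstructedPlaceholderCiphertextNotRealData0=
=abcd
-----END PGP MESSAGE-----

--b1--
"""

# Constructed sample 2: inline armored message.
INLINE_MSG = """\
From: carol@example.org
To: bob@example.org
Subject: re: numbers
Content-Type: text/plain; charset="us-ascii"

-----BEGIN PGP MESSAGE-----

wcBMAconstructedPlaceholderCiphertextNotRealData0=
=wxyz
-----END PGP MESSAGE-----
"""

# Constructed sample 3: ordinary cleartext, i.e. what this policy calls spam.
PLAIN_MSG = """\
From: promo@example.net
To: bob@example.org
Subject: Cheap watches

Buy now, limited offer!
"""

# Constructed sample 4: cleartext pitch wrapped around a decoy armor block.
DECOY_MSG = """\
From: promo@example.net
To: bob@example.org
Subject: Cheap watches
Content-Type: text/plain

Buy now!
-----BEGIN PGP MESSAGE-----
Zm9v
-----END PGP MESSAGE-----
Visit our site today.
"""

if __name__ == "__main__":
    for name, sample in [("pgp/mime", PGP_MIME_MSG), ("inline", INLINE_MSG),
                         ("plain", PLAIN_MSG), ("decoy", DECOY_MSG)]:
        print(f"{name:9s} -> {policy_decision(sample)}")
```

A multipart/encrypted message that advertises another protocol (for instance S/MIME's application/pkcs7-mime) is rejected by this PGP-only rule; accepting it would need a parallel check for that format.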

Even just setting STARTTLS REQUIRED might solve your spam problem, as long as only a tiny minority of people did it. That would have the added benefit of protecting you from Yahoo Mail users, the FBI, and such.

At this point, I'd consider NOT using STARTTLS for your MTA to be nearly as irresponsible as not using ssh instead of telnet/rsh, or not using secure passwords. It correctly pushes all the pain onto the sysadmin (and a very tiny amount of pain), rather than end users.

Do you know if a successful response to a STARTTLS command ensured end-to-end TLS-secured mail transport?

I kinda doubt it - if for some reason your outgoing mail server connects to one of my secondary/relaying MX servers, I don't think there's any way for you to ensure that server bothers trying to set up a TLS session when it relays my mail (which I guess is mostly my problem/fault) - and similarly, if your ISP requires you to send mail via their SMTP servers (blocking port 25 isn't uncommon here) - I don't think you've got any say in whether or not that server requires TLS?

(I know - I really should go and look this up myself…)

Usually people do not block 465 or 587 (if they do, they really really suck, and you need to VPN through that network anyway). For outgoing mail, you just do STARTTLS directly to your own smarthost over those ports.

It could be a crowd-sourced effort -- e-mails that are spam you mark as spam and upload to some repo that is maintained by someone (a la Adblock). You keep your filters updated, and run your e-mail against the filters file.

That's how current spam filters work: every mail server reports back to some central directories which keep tabs on IPs, common subjects, keywords and other characteristics used to calculate spam scores. The trick is doing that without giving out access to message content to third parties.


You can free ride -- receive the spam directory but not contribute. As long as your mail is representative of the overall mail corpus, that works out fine.

That would be trivially defeated by sending everyone a slightly different spam email. (And if your encryption doesn't produce totally different files for slight changes in plaintext, it doesn't deserve that name.)

I think you're replying to the wrong comment tree. Spammers already do this today, by including your name and other data in the message, and varying the wording, but that is not enough to fool the spam blockers, and there are diminishing rewards as your addresses/IPs begin to get marked as source of spam regardless of the content.

No, it was the right one. I was thinking about the great-grandfather's suggestion in relation to encryption.

Maybe homomorphic encryption[0] could help here? Here's what comes up after a quick Google: http://www.eweek.com/c/a/Security/IBM-Uncovers-Encryption-Sc...

[0] http://en.wikipedia.org/wiki/Homomorphic_encryption

For those interested in Google Apps retention:


Spoiler Alert: Apps for Business/Education only

While OP's apology is appreciable, there was more than enough information available in 2008 to understand that his Czech colleagues were right.

The PRISM scandal may have come as a surprise to US citizens, but the US has been spying on foreign nationals and companies for years, and we've long known about it - haven't you heard of Echelon? It was also well known that these systems were used for industrial espionage.

Agreed. From September 7, 2001, on CNN:

European Parliament adopts 'Echelon' report

(...) the document lists several examples in which intelligence officers are believed to have interfered in a commercial contract. The report claims that European aircraft maker Airbus Industrie had its lines tapped in 1994 while negotiating a $6 billion contract with the Saudi Arabian government and national airline.


Huh. How is "You should've known!" a useful response to an apology? Of course he should've known, that's why he's apologizing.

There is a big difference between "Subsequent facts have shown them to be right" and "Evidence existing at the time already strongly indicated they were right".

It's written as if dubious access to data by US (and other; see ECHELON) security services is a startling new revelation, whereas in fact it has been a known risk for a couple of decades, and certainly a consideration when using hosted services. Here is a European commissioner raising it as a concern with respect to the Data Protection Directive, over a decade ago, for instance: http://europa.eu/rapid/press-release_SPEECH-01-368_en.pdf

It is a useful response because it allows for the solution to these sorts of things to occur: continued discussion of the need to enlighten oneself, and be aware of the lies of the world as they are told. An apology is not the last step, merely the first, in amending the situation .. and thus a continued dialog is of use.

Exactly, AFAIR it's always been sort of known that US intelligence agencies can spy on non-US citizen data held on US servers without a warrant. The PRISM lark is mostly big because it's spying on US citizens.

Even PRISM turned out to not be spying on U.S. citizens though. The NSL or FISA warrant required demonstrating that the target was more likely than not to be a foreigner.

Verizon metadata is different perhaps, as is the idea of 641A-style mass interception of communications. But PRISM itself automated FISA compliance, it didn't actually create more NSA powers than existed before it.

It is big for that reason in the US. The rest of the world is shocked by the, now undeniable, extent of the spying.

Everybody will think thrice before storing their data in the US. Especially since Obama has made it more than clear that the rule of law does not apply to foreigners.

Agreed - that was the exact reason that I was apologizing to the guys in CZ. I simply had no idea. Once we talked through the issue, I trusted their judgment (just like they've trusted ours on the areas we know better).

It was simply an area I'd never done any work in - that's the benefit of a global, diverse (and still very small) organization.

I "know" that aliens are kept at Area 51. Should I prepare for the invasion?

Nothing was "known" until these leaks. It was the conspiracy theory of nut jobs. Now and only now is it "known".

> It was the conspiracy theory of nut jobs.

No. You must have a very short memory, or you just consider the dossier made by the European Commission about Echelon the work of nut jobs: http://cryptome.org/echelon-ep-fin.htm

Yes, nutjobs like the EU's executive and legislative bodies, the BBC and the Guardian. Who would ever take them seriously?

Really, ECHELON in particular has been acknowledged to exist by pretty much everybody since 2000 or so.

Sadly the NSA programs are strongly anti-business as they are based on 'trust in me'.

American businesses could and should lobby Congress to fight this and to find ways to protect US stored data, I know I wouldn't trust a Chinese cloud company not to snoop or steal business/corporate ideas and trade secrets.

But if there were assurances for US cloud businesses that this doesn't affect their business ideas accidentally or deliberately then we could set a global example on how to run cloud data storage that is safe and business friendly. There is an opportunity here for Google, Amazon, Apple etc for cloud data.

Lots of damage control to be done here for international clients. As an American I would always trust our systems more but international companies may have a very hard time trusting without the US being a shining example of how to correctly protect business data in clouds here, especially encrypted data that is automatically subject to storage/filtering if international.

But what protection of stored data do you mean Congress should find, by introducing some laws? Because, well, if the data are not encrypted on the server, then someone could still take them... that's how the Internet works. For now, the only solution I can think of is that you encrypt the data locally, and upload only the encrypted data - but this way, the cloud provider will not be able to provide any additional value. Or are there some other possibilities?

Not necessarily talking about encryption or security of data, that should already be an inherent part of cloud systems.

I am talking about protections on unauthorized access by agencies (even for national security) meaning no more blanket access to all email/files/etc rather explicit machine read systems that only access data that has a warranted access and useful to the investigations.

Human access should not be allowed unless the data has already been warranted, filtered by the system and useful in the investigation that the NSA/DOJ/ etc might be using.

A big problem right now with it is blanket access and collecting content in bulk to sift through. There should be no way a human can go into an email box or cloud files and read everything, for instance, unless the person themselves is under investigation; email communication with that person can only be pulled from other innocent people's boxes that are part of the investigation, not everything. As it is right now they just collect everything and store it. It should also have heavy encryption and 3-5 approvals/logs/access audits per individual human access so there is a minimized threat of people searching business ideas for personal gain. This would prevent the one-time email or document share with someone that allows access to all their data. Explicit access and heavily verified across judicial, audits and multiple users, 3-5 at least, approving or seeing the access within the security organization.

NSA and CIA etc are patriots and like their freedoms as well, I am sure they don't want colleagues stealing ideas, business plans and random people's personal info when they go civilian. It is currently too sweeping and broad due to terrorism threats that have yet to take away as many freedoms as our own internal legal overreaches.

For example, right now let's say I am some crooked agent or politician, I could have one email or call to a person and justify looking at all their data. This might be someone who is in a competitive company or business information they want to find out. Steps like the above would minimize those abuses which are bound to happen. Take for instance oil mining or product plans, these types of competitive environments are very susceptible to snooping and corporate espionage without heavy controls on access to data.

Protection for international users is the same as for US persons. No one will trust storing data on our servers and cloud systems if they know all their data is being filtered and easily accessible by a single agent.

Also, extremely fast audits and judicial warranting. There is no reason it should take a long time with today's tools. I imagine the NSA and others are collecting all this data because the bureaucracy makes it difficult to get approvals in time, so they go in bulk as a fail-safe. I don't envy them; the work is very hard and it is justified when true threats exist, these people typically aren't evil and most have the best intentions. But with great access to information comes a power that is hard to contain if not verified.

Timed release/removal of information that is not needed now, not indefinite storage. Will this make us less safe? Maybe but freedoms are not easy, it takes work to be free. Authoritarian is easy.

Maybe something like a Bill of Data Rights that also applies to international people in addition to the US. We would really revolutionize rights and data rights in the world, it would attract a lot of business to data storage in the US. However, currently data is freer in other places, sadly.
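The access-control scheme sketched across this comment (no human read unless the mailbox is covered by a warrant tied to an investigation, 3-5 distinct approvals spanning judicial, audit and security roles, an audit record for every decision, and a retention clock so data does not sit indefinitely) as an added example, not code from the commenter or from any agency. The gate, the role names, the warrant index and the request are all constructed for illustration; the point is that every decision is mechanically checkable and logged before a person sees anything.

```go
package main

import (
	"fmt"
	"time"
)

// Approval is one sign-off on a human read request. Roles are constructed
// labels standing in for the "judicial, audit, security" checks in the text.
type Approval struct {
	Approver string
	Role     string
	At       time.Time
}

// AccessRequest is an analyst asking to read one mailbox under one warrant.
type AccessRequest struct {
	Analyst       string
	Mailbox       string
	Investigation string
	Warrant       string
	Approvals     []Approval
	RequestedAt   time.Time
}

// AuditRecord is appended for every decision, allowed or not, so later audit
// can see who tried to read what and why it was (not) permitted.
type AuditRecord struct {
	At      time.Time
	Analyst string
	Mailbox string
	Allowed bool
	Reason  string
}

// Gate holds the policy and the append-only audit trail.
type Gate struct {
	MinApprovals   int
	RequiredRoles  []string
	ApprovalTTL    time.Duration     // how long a sign-off stays valid
	WarrantedBoxes map[string]string // mailbox -> warrant id covering it (constructed index)
	Audit          []AuditRecord
}

// Decide evaluates the request and always records the outcome.
func (g *Gate) Decide(req AccessRequest) (bool, string) {
	allowed, reason := g.evaluate(req)
	g.Audit = append(g.Audit, AuditRecord{req.RequestedAt, req.Analyst, req.Mailbox, allowed, reason})
	return allowed, reason
}

func (g *Gate) evaluate(req AccessRequest) (bool, string) {
	// 1. The mailbox itself must be named by the cited warrant; an "I once
	//    emailed them" link is not enough.
	if w, ok := g.WarrantedBoxes[req.Mailbox]; !ok || w != req.Warrant {
		return false, "mailbox not covered by the cited warrant"
	}
	// 2. Count distinct, fresh, non-self approvals and the roles they cover.
	seen := map[string]bool{}
	roles := map[string]bool{}
	for _, a := range req.Approvals {
		if a.Approver == req.Analyst || seen[a.Approver] {
			continue // no self-approval, no double counting
		}
		if a.At.After(req.RequestedAt) || req.RequestedAt.Sub(a.At) > g.ApprovalTTL {
			continue // sign-off from the future or older than the TTL
		}
		seen[a.Approver] = true
		roles[a.Role] = true
	}
	if len(seen) < g.MinApprovals {
		return false, fmt.Sprintf("%d distinct approvals, need %d", len(seen), g.MinApprovals)
	}
	for _, r := range g.RequiredRoles {
		if !roles[r] {
			return false, "missing approval from role " + r
		}
	}
	return true, "ok"
}

// ShouldPurge implements the timed-removal rule: collected data is dropped once
// its retention window passes unless the subject is under an open investigation.
func ShouldPurge(storedAt, now time.Time, retention time.Duration, underInvestigation bool) bool {
	return !underInvestigation && now.Sub(storedAt) > retention
}

func main() {
	now := time.Date(2013, 6, 24, 12, 0, 0, 0, time.UTC)
	g := &Gate{MinApprovals: 3, RequiredRoles: []string{"judicial", "audit", "security"},
		ApprovalTTL: 24 * time.Hour, WarrantedBoxes: map[string]string{"ceo@acme.example": "W-0042"}}
	ok, why := g.Decide(AccessRequest{Analyst: "analyst1", Mailbox: "ceo@acme.example", Warrant: "W-0042",
		RequestedAt: now, Approvals: []Approval{{"judge1", "judicial", now}, {"auditor1", "audit", now}, {"seclead1", "security", now}}})
	fmt.Println(ok, why, len(g.Audit))
}
```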

> Human access should not be allowed unless the data has already been warranted

Access should not be allowed unless the data has already been warranted.

I don't care a fig whether my privacy is being violated by amoral machines or amoral humans.

> Human access should not be allowed

Yes, of course, but this is not enforceable. You have to trust the company that they will not allow it. You can't ensure it.

I love how business-friendliness is your top concern here.

How about this: only businesses (like Facebook, Google et al.) should be able to say 'trust in me' - to their customers. Privacy regulation is only for the government, this will ensure that the surveillance state is built by corporations, as God intended.

It's obviously a huge risk and embarrassment if the US government looks at data from Europeans. But if American companies sell each other that data, that should be of no concern to Europeans, because private companies are all inherently trustworthy without external oversight.

Well I mentioned business aspects since that was the topic/article focus, lack of trust in US business/cloud data due to unsure protections and secrets of business.

Also I mention that frequently because the people that say 'I have nothing to hide' and don't mind, might think differently if they are business focused and do worry about people stealing ideas, plans, or reacting based on those business secrets.

It is bad all around when individual privacy is at risk unknowingly, but it also affects business privacy and that impacts everyone and harms perception of US cloud services for one which the article mentions.

If you make something public on a website like Facebook you should expect that it will be used. But no one expected private emails, phone calls, and logs of files in the cloud to be so easily accessible. It creates huge problems in business trustworthiness and protections. That is aside from the more important lack of individual privacy that is expected in the same way and is the root of the problem.

> How about this: only businesses (like Facebook, Google et al.) should be able to say 'trust in me' - to their customers.

As a user of Facebook, you aren't a customer, but the product that is sold to the advertising customers.

Historically, similar systems have been quite pro-business (or pro-American-business); ECHELON sigint data was used in the 90s to help Boeing win a large contract over Airbus, for instance.

It doesn't take much reading of the literature to understand industrial espionage or any of the other substantive risks of outsourcing. Prism or not, when you put your intellectual property on someone else's networks you are taking a risk.

Yet most of the managers I see who make this decision just don't care. They ignore the advice of their systems admins and follow the old adage "you can't get fired for buying IBM" like sheep to a slaughter. It's typical of the short-term mindset that drives so many business decisions.

I chalk this up to a lack of education, both in business and IT. While CS professors obsess over data structures and algorithms, and non-IT departments preach about the relevance of the next quarter's results, "Rome is burning".

We'd brought up a wafer fab in the Hsinchu Scientific Park in Taiwan before - so we weren't strangers to the concerns about industrial espionage. Several of us have done a lot of work with the government and we'd manufactured some very sensitive products (as does the current business).

My apology is really around the fact that at the time we were trusting that such programs would not exist here (this was before Echelon was explained to us), and that the US didn't work that way. I was naive and I was wrong.

> we were trusting that such programs would not exist here

It's still not clear what programs you are talking about. Because Google provides no access logs, "someone could go into our account and take confidential information, and we would never know". What does that have to do with Echelon or Prism?

I just wonder why the telcos I've been dealing with have always required that all information which is not classified as public information be encrypted. All customer, project, system, configuration, documentation, contracts etc. must be encrypted before transit. Surely they must have known about this. So if telcos won't trust the privacy of telecommunication, why should anyone else think that telcos are trustworthy?

(A) Yes, they probably knew about this, at least as a potential risk; while the media has gotten very excited about PRISM, it isn't really that different to ECHELON, which has been effectively public knowledge since the late 90s.

(B) Governments aren't the only ones potentially spying on peoples' unencrypted comms.

The author is overlooking one major flaw in his discussion: security (and possibly also reliability). His implication is that they can run internal servers more securely than Google and Salesforce. While government collection of encrypted emails is problematic, securing your own server and making it reliable is an entirely different issue. Unless they have an absolutely top notch security team they'd be better off on someone else's servers.

This is perhaps true where budget is severely constrained, or where Windows servers are spec'd, or where developers do systems administration, or where the corporate culture won't pay for capable IT.

Experienced IT staff can typically exceed the uptime of Google and Salesforce on a standard budget with no special accommodation. Perhaps the organization's IP (intellectual property) wasn't really worth that much, or upper management forced their hand? Sounds like that wasn't the case but you never really know.

When your provider is forced by their government to just hand over your data, security is pretty much irrelevant. Anything is more secure than that.

No, not true. There are government and non-government attacks. Even if we assume cloud services are more vulnerable to government snooping, we need to also consider that many more companies and individuals suffer more damage from regular criminal hackers than from the NSA. Avoiding a small risk by increasing your exposure to a large risk is not rational.

Generally this is a good point but I think it's not relevant in this case. The author of discussed article claims that they do business with governments and the knowledge that US government can access their data just by asking their provider to give it to them is not some 'small risk' that you might want to accept to avoid something worse - it's a deal breaker. Expose yourself like that and you have no business.

The problem this, and many articles, are missing: it isn't that the gov is taking the data from the cloud providers' servers. It's that the gov is mirroring all internet traffic and backing it all up. Thus they don't have to gain access to a cloud provider, let alone to a closet server, to get your traffic/emails.

Our IT team, though small, is very good at what they do and extremely focused on security. We install machines on customer floors that run 24/7/365, which themselves are remotely monitored and serviced. Security is important to us from a manufacturing standpoint as well as from an operational standpoint.

How nice that finally there is understanding that web-based services are good for providers and third parties, not users.

It's so obvious.

Hosting the email on a server in your office is no protection if the data is being captured at your ISP, unless all email is transmitted using SSL, and even then the govt probably cracked that long ago.

I wonder if this problem is particularly acute for Eastern European companies who often sell their products to despicable despotic regimes.

How would that differentiate them from Western companies?

Yeah, because there haven't been any despotic regimes in the US lately.
