Hacker News new | comments | ask | show | jobs | submit login
Revelations of N.S.A. Spying Cost U.S. Tech Companies (nytimes.com)
244 points by cottonseed on Mar 21, 2014 | hide | past | web | favorite | 113 comments

"Even as Washington grapples with the diplomatic and political fallout of Mr. Snowden’s leaks ..."

That statement is a perfect example of the real problem with the US government and many journalists. They don't see the actual spying as the cause of all the backlash - it's all Snowden's fault for telling the world.

Political journalism in the US has been meta for so long, I don't think they even know the difference anymore.

Politics and Journalism have always been a little 'you scratch my back, I'll scratch yours'. They both need each other to exist, and yet feign like they can't stand each other at the same time.

Or with Murdoch it's BIG, not little. For example, after all Murdoch newspapers in Australia (which is most newspapers) went for one political party. That party won the election, and afterwards Murdoch got almost a billion $ tax cut from the government that was elected. Similar tactics are used all over the world, and he switches sides too.

It's been like this for a long time. A controversy will feed itself, the actual issues won't as easily be stuck in perpetuity.

Even history is taught like this.

History is a narrative.

Teaching is a narrative.

Media is a narrative.

Examining the root causes rather than the narrative fabric is rational. Most governmental actors are either intentionally or ignorantly not rational in this respect.

Going a bit higher up the stack from where you are at it's a perfect example of the real problem being the US Patriot Act which required the NSA to spy in ways that were not in alignment with their prior charter. In terms of spying itself, everyone is fooling themselves if they think other countries aren't engaged in the exact same activities. Snowden's leaks simply brought what's been going on for a long time by a large number of governments into the public light.

Exactly. I'm not convinced that the German government is all that invested in the privacy of its corporations or citizens. The world needs more Snowdens!

"What would Snowden do?"

Why don't we got one step deeper and blame media for publishing and making a big deal of Snowden revelations or even a step further and blame people for believing media.

When put that way it is quite clear that Snowden is not anymore at fault than media or people.

It's really The Guardian's fault for completely botching the PRISM reporting. They thought DITU (a department of the FBI) was a server and from that misunderstanding came to the ridiculous conclusion that the tech companies gave the NSA a backdoor into their systems.

This has been a problem, but it is comparatively minor. Even without this misunderstanding trust in US companies is broken because they aren't allowed to talk about what they do and do not do for national security agencies.

The fact that the US can and has used its warrant powers to force US companies to comply with spying directives is a bigger problem.

The fact that the US is stopping US companies talking about how often secret warrants are served is a bigger problem.

The fact that the US has subverted security processes put in place by US companies is a bigger problem.

Every country in the world has used its warrant powers to force companies to comply with spying directives because every country in the world has its equivalent of an FBI to execute wiretaps on people with a warrant. Every country in the world's spying agencies subvert security systems. The GCHQ seems to do that more than anybody else according to the leaks so far.

The only thing these companies weren't allowed to report was the number of NSLs and FISA requests they received, but now they can in broad ranges of 1000.

A relatively minor error in an extremely large body of quality reporting on an immensely important topic. On the balance The Guardian deserves many accolades for their reporting in this area.

Relatively minor? They claimed that the companies were allowing the US government to read anybody's email and view anybody's Skype videos without a court order. That seems like a pretty major mistake to me. Worse, Spencer Ackerman made that same error reporting for The Guardian just last week. Their reporting has been astonishingly bad.

Yes, I agree. Maybe the FISA law should forbid the press from even reporting on these things.

That would be consistent with their rationalization for muzzling the tech companies who give up our data.

After all, the bad guys now know where not to store their data. Heck let's just have the government take over internet and shut down all private websites. Total information control. That'll stop terrorism!

It's actually the US Government's fault for making it mandatory for people to learn to read.

There, full circle.

"A person who won't read has no advantage over one who can't read." - Mark Twain

There is already a "war on" education, reading is fine so is arithmetic, independent and creative thought is real criminal. What we need is a solid foundation of the basics, w/o any of that pesky high level stuff.

Fucking liberals and their fancy "education policies". You know who likes education? China. Fucking communists.

I'd prefer journalists themselves not take a position on the spying or what Snowden did.

The statement contains no judgement either way.

Sounds like you're the target market for Glenn Greenwald's new news organization.


"Taking no position" often leads to annoying "he said/she said" lazy journalism. You know, where no matter how obvious the truth is, they find some photogenic dimwit to oppose the issue. Lazy journalists can then claim they took no position, and presented both sides of the issue in question.

This is essentially the same as the Creationist's stated desire to "teach the controversy". Rubbish. Show the evidence and say what it adds up to.

"Controversial" really is the favorite weasel word of that brand of journalism. Sometimes there's an actual debate, but more often than not, one side or the other is just factually wrong.

Exactly. Too many news organizations eschew investigative reporting and instead lazily settle for "presenting both sides." And what if there are more than two sides? Well two is enough. It'll do.

To even decide to report on an issue in the first place is to take a stand on its value. News organizations are doing the public a disservice in stopping there.

No such thing as a neutral position. Journalism editorialises by definition.

Exactly. If I were making a "neutral" or "position-less" documentary on the planet Earth, it would be impossible for me to actually do. I could ignore flat earthers, but then I would arguably be taking a position in the matter of "what is the geometry of the earth.". But if I gave them equal screen-time, or really any screen-time, then I would be unfairly giving them far more screen-time than they were deserving of making me biased in favor of them.

The entire notion of journalism without any sort of position, biases, or editorialize is absurd. Nothing but a completely raw and unfiltered datastream of everything that I receive could possibly qualify, except that of course would not longer be journalism of any sort.

Neutral position is a platonic ideal, you're correct.

To ignore that ideal is where journalism turns into "entertainment" and "propaganda".

I don't think this is really true, and I think it's a dangerous perspective to hold because it excuses biased journalism as "honest." It is entirely possible to present facts in a fair and even-handed manner. These facts may ultimately favor one party over another, but this does not make the journalist's position partial or editorialized.

It's only possible when you're able to report all the facts. If this was the case we would have no need for journalists, we'd all go straight to the original source. As soon as you need to choose a subset of facts to present, you have to choose which subset, which introduces bias. And remember that a fact is something like "When we MRI'd this subjects head under these conditions, this is the image that resulted", not "Scientists believe that wearing tin-foil hats causes cancer."

Take global warming, for example. Many media outlets seek to present an "unbiased viewpoint" on that issue by reaching out to climate-change deniers in addition to climate-change scientists who believe in global warming. But that ignores the fact that climate-change scientists who support global warming outnumber climate-change scientists who deny it by something like 400:1. But that ignores the fact (principle, actually, technically this isn't a fact) that science isn't decided by majority vote, it's decided by looking at the data and the evidence.

The actual facts in the global warming debate is that we've recorded these temperatures at these locations across the globe, and they appear to be rising over the last century. But that's not what people are interested in: the "story" is "Are humans causing it? What can we do about it? What will happen next?"

"The actual facts in the global warming debate is that we've recorded these temperatures at these locations across the globe, and they appear to be rising over the last century."

To be clear - the only fact involved is the measurement of at a particular time at a particular station. The temperature of the world as a whole, and trend in temperature over a century, is a matter of interpretation and analysis, not pure fact. All sorts of statistics needs to be applied to clean the data, adjust for changes in station location, adjust for the growth of urban heat islands, etc. To see an example of the debate over these adjustments - http://climateaudit.org/2010/12/26/nasa-giss-adjusting-the-a... - changes in adjustments can have a large impact on the resulting graph.

Not true. It is quite possible to report both sides of a story. Fair reporting doesn't mean opinion less.

This is logically impossible. Journalists selectively choose what to write about - this is an act of curation. This is further editorialised by the news organisation. What do you think an editor does and why does every news organisation employ tiers of them?

Even calling it a story is well, telling a story. Presenting in terms of two sides further frames as a kind of dramatic fiction.

There is nothing wrong with all this and it makes news interesting and sometimes even edifying. Adam Curtis is an example of somebody who very blatantly selects and uses dramatic technique in order to shine light and show new perspectives on contemporary history.

The danger is in kidding yourself that it could be any other way and that there is some kind of objective and balanced position which reasonable folk hold - that's how people get manipulated, usually against their interests and sometimes in awful ways.

> This is logically impossible. Journalists selectively choose what to write about - this is an act of curation. This is further editorialised by the news organisation. What do you think an editor does and why does every news organisation employ tiers of them?

By that logic it is logically impossible to ensure fairness in a judicial system. Should we then just give up and tell judges to do what they want instead of striving for the ideal of due process under the law?

As far as I know, courts aren't in the business of selecting juicy stories to get an audience to sell ads to (Judge Judy maybe).

Since you bring it up, that a court can't be completely certain is of course one of the main arguments against the death penalty - plenty of faulty convictions that we know of to back that up.

There's a much bigger difference though and that is that news outlets are mostly in private hands and usually quite openly run an editorial line. How would you feel about Murdoch or the Koch bros running the judicial process if you are certain the press are and will remain so even-handed? N.B. I'm not even saying this is necessarily a bad thing wrt journalism, just not to be fooled that it is something else (and which it often purports to be). Any adult should know that it's both foolish and dangerous to believe what you read in the press.

A trial is already the telling of two narratives, with the jury deciding which is more compelling.

> both sides

Because every story has exactly two viewpoints, with the truth somewhere in between?

It's certainly easy to end up thinking that, and that's yet another reason reporting "both sides" is actively harmful.

It depends on the issue At hand. If you truly understand an issue, whether there two or twelve sides to a story, you should be able to understand and explain the positions of the major players.

That doesn't mean there is no editorial slant.

What we typically hear on modern mainstream media is reprinting of PR. Regardless of agenda, there is no understanding.

It very much does. Stopping the blame at Snowden was a judgment call. They could have said it was the fallout of their own reporting (stopping the buck further down the line), or of the practices that Snowden leaked memos about (stopping the buck further up the line), but instead they chose to point the finger at the middle man. That is judgment.

Starting the headline with "Revelations of spying cost" instead of "Spying costs" is taking a position.

The concepts aren't mutually exclusive. The spying is the underlying problem. The fallout is indisputably the result of Snowden's heroic disclosures -- and yes, I'm a full-on fan of what Snowden did, as well as why and how.

The Forrester note† that the article links to is a little more balanced that the NYT article. If you don't have time to read the whole thing, here are some good quotes:

It's naive and dangerous to think that the NSA's actions are unique. Nearly every developed nation on the planet has a similar intelligence arm which isn't as forthcoming about its procedures for requesting and gaining access to service provider (and ultimately corporate) data. As stated in the ITIF report, German intelligence has the G10 act which let's them monitor telecommunications traffic without a court order.

The fact of the matter is that the IT services market is a part of our portfolios because it provides capabilities we value either against IT or business metrics. And it's highly likely these values are worth more to you than the potential risk you think your company faces due to government surveillance. And if your company is a prime target for government surveillance, you are probably being watched from within your own firewalls right now.

... you can take actions yourself to protect your data from prying eyes when using these services. A quick tip: bring your own encryption. If you hold the keys the governments can't get to your data by going through your service provider.


For me, it's not about shifting data out of naivety that companies/users aren't being spied on everywhere.

Instead it's about shifting data into a legal domain in which you hope to hold someone to account for intrusive spying.

A non-US entity has zero chance of ever holding the government and agencies of the USA to account. And we're also aware that US companies can be forced by the US government or agencies to access data held (by them) overseas.

But we do have some chance (fractionally above zero, I'm not deluding myself) of holding our own governments and companies within our legal domain to account.

None of it is a substitute to encryption, but this isn't solved through tech alone.

It's not as if government spying prevents anyone else from doing it. And in any case, 'because it's happening anyway' is a terrible argument, you could just as well say that about any crime you care to mention.

Almost all nations have standing armies. But, in isolation, that statement is very deceptive. Only dozens of nations could successfully invade a neighbor. Less than a handful of nations could mount sustained wars across an ocean.

Since surveillance budgets probably track military spending, there are probably many places where surveillance is as ineffective as their military.

But your bottom line is correct: "If you hold the keys the governments can't get to your data by going through your service provider."

Not only are those wise words for users, enabling that way of working, and making security an easy verifiable default is going to be the only way to heal this problem for US tech companies. And they have been slow to get started.

    Not only are those wise words for users, enabling that
    way of working, and making security an easy verifiable  
    default, and, is going to be the only way to heal this  
    problem for US tech companies. And they have been slow 
    to  get started.
The trouble is the service providers have a significant vested interest in having access to your data. Google will never implement a system where only you have access to your data because they make a lot of money by accessing your data.

Depending on where you want to draw the line it would not be a stretch to say that an advertising company like Google would be eliminating their entire revenue stream by implementing such a system.

The reason Google or Microsoft or Yahoo won't implement it is that only on the order of a few thousand people want it. Most people would much rather be able to search their email from any device, which requires the server to have an unencrypted copy.

These companies don't bother with products that have such a niche market. There are plenty of smaller companies that do though, so I don't see anything to complain about.

If only a "few thousand" people want security, then they can't be losing a significant number of customers.

I already pay Google for things they can't sufficiently monetize with ads. Why not offer service and charge for it?

Sure but unless this new service is along the lines of "I generate my own key pair _and then only ever give Google my public key_" there's no way they're getting me to trust them. And I seriously doubt that's something they are going to try to do, it's to much of a niche market for Google IMO.

Because that would be a major business pivot?

Isn't business supposed to adapt to the environment rather than vice versa?

Are people no longer clicking on ads? I'm pretty sure Google is still raking the millions and billions it's getting from ad revenue. The environment isn't actually changing.

Hmm this thread is full of people talking about pulling their data off google, so I guess we are talking about longer term viability of free google apps.

> I guess we are talking about longer term viability of free google apps.

Yeah, they've already disabled getting new instances. If you have free Google Apps, you're basically on borrowed time.

What I found most surprising about Germany is that the people here are really insistent on Datenschutz (data protection) and hesitant to e.g. use Google services or Dropbox, while its law enforcement is among the top requesters for data:


Well that is the legacy of East Germany, reflected in both citizens concerns and police habits.

It goes back before East Germany as well.

Being paranoid doesn't mean they aren't out to get you.

The intelligence capabilities of other nations don't come close to what the NSA can do.

This is like comparing a pee wee football to the NFL.

How many of the Snowden cables were regarding actions by GCHQ?

If anything intelligence is something that's easier for other states to do as long as you're willing to be less capable than "I could plant a SCADA malware that would slightly affect UF6 production in an airgapped network, in a way that would be irreversibly destructive before it could be detected".

For the rest of what they do, the resource investment costs are far lower than fielding a "real" military, and it's even much easier to find quality amateurs and train them up to professional standards since you don't need 100,000-man armies to have an impact. That's the unpleasant reality of automation for the U.S.; it levels the playing field for the rest of the world.

VUPEN doesn't work in a vacuum after all; I'd be willing to bet the French state itself has quite capable cyber surveillance, attack, etc. capabilities.

Pretty sure both the Chinese and Russians have reasonable intelligence capabilities, especially online.

> Forrester Research, a technology research firm, said the losses could be as high as $180 billion, or 25 percent of industry revenue, based on the size of the cloud computing, web hosting and outsourcing markets and the worst case for damages.

This was the bit in the Times article that was significant to me.

That estimate is up from a few months ago.

It will go higher. Then, when people have a choice of veriably secure gear and services from non-US companies, we will see a decline in the "they all do it" posts here.

It's not the revelations that are costing the tech companies. It's the spying.

Yeah, by the same logic, the NYT causes anguish by reporting on tragedies and disasters.


> Despite the tech companies’ assertions that they provide information on their customers only when required under law — and not knowingly through a back door — the perception that they enabled the spying program has lingered

Nobody cares if data leaks are intentional or legal. When China was suspected of backdooring routers in 2012 I don't recall anyone caring if it was intentional by the Chinese Tech Companies, or the legality of it if it was intentional. The Congress issued a report saying :

Chinese telecommunications companies provide an opportunity for the Chinese government to tamper with the United States telecommunications supply chain. That said, understanding the level and means of state influence and control of economic entities in China remains difficult. As Chinese analysts explain, state control or influence of purportedly private-sector entities in China is neither clear nor disclosed.34 The Chinese government and the Chinese Communist Party, experts explain, can exert influence over the corporate boards and management of private sector companies, either formally through personnel choices, or in more subtle ways.35 As ZTE’s submission to the Committee states, “the degree of possible government influence must vary across a spectrum.”36


Recommendation 2: Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. U.S. network providers and systems developers are strongly encouraged to seek other vendors for their projects.


> Yeah, by the same logic, the NYT causes anguish by reporting on tragedies and disasters.

In some way it does. The side effect of all this reporting is population getting increasingly and predictably more stupid (availability heuristic, for starters) AND stressed at the same time.

I'll take this one step further.

Television news, at least mainstream TVnews in USA, is a totally stress/fear inducer purposely delivered in the most dramatic and usually shallow way possible, so you stick around for the commercials and at the same time the elists influence the viewers' political decisions.

Almost everyone would be better off without it as it exists today.

The charges would be equally effective if they were untrue.

A lot of things HN has claimed about NSA really can't be substantiated, and that DOESN'T mean that I have to believe the HN position by default.

> [IBM] is spending $1.2 billion to build cloud computing centers around the world to lure foreign customers who are sensitive about the location of their data.

IBM et al are still American companies, and until they're immune to American legislation (ie: FISA Section 702) then no-one will touch them with a fifty-foot ethernet cable. The location of the data is irrelevant.

The US Government will not budge on this issue, and they will happily throw the entire tech industry under the bus. Bailing out Silicon Valley and nationalizing as much as possible is very appealing, too.

I'm a little surprised this wasn't emphasized in the article. It doesn't matter where the equipment is: the us government can still secretly force you to backdoor it and lie to your customers and the press about it.

For that there is the solution to create a company branch legally indipendent from the main one, so all the assets linked to it would be under the legislation of the state in which they are

Do you really think that IBM would jeopardize its enormous contracts with the US federal government because some subsidiary won't/can't get at data?

You have a lot to learn.

Didn't they lose the CIA's cloud computing contract to Amazon? How much international business are you willing to lose for the harsh US government mistress?

Are IBM's US government contracts larger than all their foreign business?

But are they IBM subsidiarities rather than IBM USA?

What I find scary is the amount of datacenters being built by US companies abroad.

For example Equinix is building large datacenter all over Switzerland. Swiss companies are blindly trusting them with their equipment. Equinix controls the keys and access to you racks and cages. They can get to your hardware with ease and surely will when is US government asks no matter what Swiss laws may say.

What I also find suspect is the amount of investment banks (never heard of any of them before) in these datacenters with large cages of machines. Are they really investment banks or a cover for machines where the NSA stores data. If they can monitor an entire nation for a month they have to store that data somewhere close when dealing with such huge data volumes.

The solution to this isn't "different datacenters".

It's to go back to the original end-to-end internet so I can run my servers on my premises.

That won't stop the NSA from targeting me specifically. But it makes the whole dragnet thing a lot harder when the data is coming from a million physically distributed sources instead of 1,000 sources in one datacenter.

Personally I've been using fewer Google and other hosted services simply because they make me feel 'icky'. More and more I use startpage for general searches and tor for anything personal like medical information that I don't want in my permanent record.

Same here. I'm almost completely off Google products. If you do keep using Google products, make sure you disable location and web tracking. I deleted my Facebook account. I switched back to Firefox. I use startpage and DuckDuckGo. I switched my phone to CyanogenMod. I send everything through a VPN. I have Thunderbird, instant messaging apps go through Tor, basically anything that is asynchronous (although I don't use Tor for everday browsing -- it's just too painful). I use TextSecure for SMS. Basically the same user exerience, but I feel better.

I'm using Dropbox for now, but looking for alternatives. I wish there was a better alternative to email.

I'm using Dropbox for now, but looking for alternatives.

My wife and I have switched to Bittorrent sync. It's fast and you have the amount of storage that your computers have. We have one very low-power machine that is always on to assure that we can always sync.

Folders with important data are backed up using tarsnap.

If you want Dropbox with clientside encryption: https://www.wuala.com/en/learn/technology

I use seafile on a raspberry pi: http://www.seafile.com/en/home/

+1 for mentioning medical information. Right now with the Affordable Health Care Act, no penalty for preexisting conditions, but get a republican controlled congress and white house, and that might go away.

Oh... you must watch The Daily Show, with all of that political prowess... and stuff.

The issue of foreseeable consequences is one of the main points I have a problem with. The public was sold war and surveillance to "protect" them, but lets face the realpolitik, it was about "National Interests" and not "National Security", which the totalitarian oligarchy like to conflate as the same. They aren't, but even if they were, they had to have had at least a few analysts in a dark room somewhere who figured this out and sent some reports up the chain. (of course they probably got fired or sent to the mail room...) They knew this was a possibility, that by turning on and growing the surveillance state and trying to kill privacy that it would increase the possibility that the programs would become public, and therefore undermine American credibility as a safe haven.

I would present to you that, while they will claim they were unaware of this potential, the reality is that they knew it, and accepted it, because what has been happening is a power play in a currently fairly quiet but still major shift in global power.

I've argued with my intel friends that they are off chasing bad guys OCONUS when the real bad guys are in DC, NY, and London, but now those same entities have a stranglehold on the intel agencies themselves (I mean, they always did, the original CIA guys were all Wall Street old boys in the first place, but now it's much worse in my opinion.)

Do we really think Hayden is the brain behind these moves? Or Hanlon's razor? No. The surveillance issue is a symptom of a much larger issue at hand, and until we take the discourse to that level there will be very little progress made. All three branches and the fourth estate are corrupted, which undermines our entire already weakened constitutional framework.

Now, the realpolitik they don't discuss with the public is that in the new globalized world of supranational entities the concept of national sovereignty is a lost cause.

My problem is that they made the decision to adopt this constitution undermining policy without even having a public debate about it.

The oligarchy have said, in essence: "The proletariat serfs are too dumb (from all the propaganda) to make informed decisions about their democracy, therefore, we shall placate them with gladiatorial political shows while we pull the strings from the shadows."

The proliteriat are dumb because they're constantly stuffed with propaganda tailored to their low intelligence because it's assumed the proliteriat is dumb. It's circular reasoning used to rationalize the unbalanced locus of power.


The main cost for me is that I plan to move myself and company to Berlin, DE rather than Bellevue, WA. Given the vastly better hiring position, great universities, CCC, and overall benefits of being in Europe, this seems to be a negative cost overall.

So thanks, NSA.

If you ever need DevOps/Ops people who want to tag along, see my profile! In Chicago, headed to Europe long term.

What's the visa/immigration situation like?

I had an MP personally mail me asking me to move my business there. In general, it doesn't seem as bad as the US for immigration (from outside EU; within EU it is trivial), but it's a bit bureaucratic and complex. As a funded startup, it's not a big deal.

I'd be curious to know how your German taxes will compare to the U.S.

(I'll figure out projected and actual costs and blog about this at some point! I selfishly want to get other tech companies to move, too)

Early on, pretty much irrelevant -- VAT is the pain (and the cost of flying to the Bay Area frequently, the cost of moving, putting a bunch of my guns in archival storage, extra hassle in fundraising, ...)

I'll probably be back in the US or in non-Germany by the time of taking capital gains, so it's really just:

1) Taxes on business profits 2) Personal income taxes (which, since I don't take a large salary, can't be huge; roughly the same German rate vs. SF rate) 3) Social insurance/etc. net of services

SF, CA has absurdly high taxes (federal/state/local) PLUS higher effective taxes due to both high prices pushing income brackets up, and things like $2mm shitty condos being effectively a "tax" as well, and shitty services for the money (so you have to purchase private alternatives on top of paying taxes).

On #3 -- I am indifferent between spending $500/mo in increased tax vs. $500/mo on healthcare. For people with school or college aged children, education benefits in Europe seem to be worth a huge amount. There are intangibles like not having to walk over homeless people to get into your office in the morning, or piles of human feces on the sidewalk during the mid-afternoon.

Being able to hire awesome people (competing with Rocket, Soundcloud, and a bunch of 1-2 person startups, rather than with ~every startup in SV), and not having to put up with US immigration hassle for a non-US cofounder, makes up for a lot of it. "Branding" advantages of being a European company make up for the rest.

I see, so it's basically a wash, except of course that Germany is awesome culturally and logistically (transportation, public services, technology, proximity to the great capitals of Europe).

It might be a wash on costs but the HR and marketing/security benefits are huge.

If we as a society tolerate large scale institutions devoted to undermining and exploiting trust, we will all be immensely poorer. Rule of law , robust institutions and trustworthy systems are the basic infrastructure of the economy. It is outrageous that nation states are attacking these foundations for short term advantage.

How is it that IBM would gain business? They are still an American company which makes them equally susceptible to this form of data theft. I can't see handing my data over to IBM any more than I would Facebook or Amazon. Surely the article could have picked a better example.

IBM could make their products verifiably secure. Open source client software. Web of trust. Making encryption the default. Any non-US competitor would have to do at least as much because NSA surveillance recognizes no borders. Against tier-1 state actors, everyone is on a level playing field. The question is, which nation's tech industry will be the first to decide that the only way to win is to not play the game?

Big Blue surely has clever enough lawyers to come up with a corporate structure that works here. They probably just need a foreign subsidiary in each country they want to do business in and have that subsidiary completely own and control its data centers. If you're a German company your data is and stays in Germany and would be subject to German law (which according to Snowden may not mean a much for privacy).

I wish I could find the HN comment from a few months back addressing the same idea. If I remember correctly there was consensus that the US govt has enough legal power over American corporations to force their hand with even independent international subsidiaries. As stated earlier, I wish I could find the previous thread covering this.

In many cases, IBM will sell you hardware and software. They will help you install and set it up, but at the end of the process you own your data. It's not on some 'cloud' controlled by IBM, it's on a rack of IBM-branded servers in your own datacenter or server closet. The software is almost invariably some version of Linux, so you can audit it for security.

Your question is like asking, "How can I trust that Western Digital won't turn over the data on my hard drive they sold me?"

I suppose it's possible future revelations will show that all major software and hardware packages supported by US firms contain legally-mandated secret backdoors, but we're not that far down the rabbit hole yet.

I've done business with IBM at a corporate level and I assure you that's not what's happening here. It's the clients whom are buying services from IBM saying "whoa, I'm using your services, but I don't want our data falling into the US govt's hands", that they are addressing. IBM is appeasing these clients by telling them they'll locate their data elsewhere, yet there's quite a bit of data attached to and flowing into those services.

In that case, I agree it's pretty pointless. IBM can still be subpoenaed (secretly, even) by the US government, and the NSA has been happy to work with partner agencies overseas to tap datacenter traffic in foreign jurisdictions.

I'm happy NYTimes changed the headline. It used to say "Edward Snowden Leaks Cost US Tech Companies Millions"

Now they properly changed it to NSA spying as the cause.

Read the title more closely -- the revelations are costing tech companies, not the spying itself.

Good, if you engaged in the spying you deserve to be hurt.

If you didn't then that is unfortunate but hopefully they'll apply pressure to those that did.

Finally, some good news!

I have to agree. I'm very pessimistic about this whole situation, and this is one of the few forces I can see that could have some positive impact.

OT: is it allowed to post news / articles which require signing up? i'm in turkey right now and every time i click for a nytimes link, i see this: http://imgur.com/e8VVI9v

>IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

Wouldn't IBM still be required to grant access even if the data is physically located overseas?

Not a lot here about China. One can only speculate whether they've been on top of our surveillance efforts all along, and how much of the Golden Shield project is about defense rather than censorship.

US tech is dead in China.

Thanks for the news NYTimes

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact