Group items tagged

This isn't surprising. But why does the author think the NSA or anyone else in the US government would care? The political extortion benefits of the massive global spying program to government and politicians far outweigh the profit/loss consequences to private cloud computing companies. excerpt: "Foreign competitors think they can grow market share in cloud computing because of concerns raised by the National Security Agency's PRISM program and other government collection of electronic data from third parties. U.S. cloud computing companies could lose $22 billion to $35 billion in revenue over the next three years because of foreign customers' concerns about the privacy of their data, according to Daniel Castro, a senior analyst at the Information Technology & Innovation Forum. Foreign companies, particularly in Europe, already were making aggressive moves to win more of the cloud market, which is expected to be a $207 billion industry by 2016. Now they've got a compelling argument to make, especially to Europeans who currently are using U.S. cloud companies. "If European cloud customers cannot trust the United States government, then maybe they won't trust U.S. cloud providers either," Nellie Kroes, European commissioner for digital affairs, told The Guardian last month. "If I were an American cloud provider, I would be quite frustrated with my government right now." A survey conducted in June and July by the Cloud Security Alliance found that 10 percent of foreign cloud industry participants had cancelled a project with a U.S. cloud computing provider, and 56 percent said they would be less likely to use an American company."

The European Community's Court of Justice decision in the Safe Harbor case --- and Edward Snowden --- are now officially downgrading the U.S. as a cloud data center location. NSA is good business for Europeans looking to displace American cloud service providers, as evidenced by Microsoft's decision. The legal test is whether Microsoft has "possession, custody, or control" of the data. From the info given in the article, it seems that Microsoft has done its best to dodge that bullet by moving data centers to Germany and placing their data under the control of a European company. Do ownership of the hardware and profits from their rent mean that Microsoft still has "possession, custody, or control" of the data? The fine print of the agreement with Deutsche Telekom and the customer EULAs will get a thorough going over by the Dept. of Justice for evidence of Microsoft "control" of the data. That will be the crucial legal issue. The data centers in Germany may pass the test. But the notion that data centers in the UK can offer privacy is laughable; the UK's legal authority for GCHQ makes it even easier to get the data than the NSA can in the U.S.  It doesn't even require a court order. 

Finally, acknowledgement that the growth of the cloud computing industry will likely be affected greatly by disclosures of widespread US and UK storage and surveillance of digital data. But will this be enough to turn cloud computing companies into staunch advocates of reining in the NSA and GCHQ? Note that the emerging E.U. position creates an economic advantage for cloud computing companies with their server farms located in the E.U. (likely excluding the UK). 

Yee-haw! E.U. sanctuary and rewards for NSA whistle-blowers. Mandatory warnings for customers of U.S. cloud services that their data may be turned over to the NSA. Pouring more gasoline on the NSA diplomatic fire. 

"'Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance' is a thought-provoking essay written by a Fordham University law professor about how the reasonable expectation test for privacy is failing to protect us. Add into our networked world the third-party doctrine and we have little protection against unreasonable searches and seizures."

It doesn't detract substantially from the essay's central thesis, but an important part of the learned professor's heartfelt desires were delivered in a Supreme Court decision just decided, after the essay was published, Reilly v. California, http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf The Court held in relevant part: "We also reject the United States' final suggestion that officers should always be able to search a phone's call log, as they did in Wurie's case. The Government relies on Smithv. Maryland, 442 U. S. 735 (1979), which held that no warrant was required to use a pen register at telephone company premises to identify numbers dialed by a particular caller. The Court in that case, however, concluded that the use of a pen register was not a "search" at all under the Fourth Amendment. See id., at 745-746. There is no dispute here that the officers engaged in a search of Wurie's cell phone. Moreover, call logs typically contain more than just phone numbers; they include any identifying information that an individual might add, such as the label "my house" in Wurie's case." The effect there was to confine Smith v. Maryland, the foundation of the third-party doctrine, to its particular facts. In other words, the third-party doctrine is now confined to connected telephone numbers, the connect time, and the duration of the call. If any other metadata is gathered, such as location data, the third-party doctrine no longer applies. When you read the rest of the Reilly decision, you see a unanimous Supreme Court shooting down one government defense after another that have been used in the NSA's defense to mass telecommunications surveillance. But most interestingly, the Court unmistakably has laid the groundwork for a later decision drastically cutting back on digital surveillance without a search warrant based on particularized probable cause to believe that evidence of a specific crime has occurred and that the requested sear

Ron Wyden comes out swinging at a Senate hearing, giving 3 examples of lies about digital surveillance told to Congress by intelligence officials and DoJ. Then he presses DNI Clapper, CIA head Brennan, and FBI head Comey to provide by dates certain written public answers to a series of questions that he had previously asked in writing but never received answers on. All three said they would provide the answers, Clapper within 30 days and the other two within 7 days.  The questions themselves are extremely important, about the government's interpretation of legal authorities to conduct warrantless searches and in the case of the CIA, whether it is subject to the Computer Fraud and Abuse Act. That Act provides for criminal penalties and civil damages for accessing a "protected computer" (essentially any computer connected to the internet, whether in the U.S. or abroad) or activating any command or installing any malware on a protected computer. See generally, http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act That question suggests that Wyden and his staff are boring into issues involving the government breaking into computers to access private data. Another question asked whether the government claimed the authority to access private data stored in the cloud without a warrant.  This is a short video well worth the watching time.

Wow, OpenOffice (3%) and Libre Office (2%) are actually losing gound!  In 2011 they had a combined marketshare of 13%.  Google Docs has a 13% marketshare, but i suspect most of those document originate in legacy MSOffice!!!!!  Making Google Drive - Apps a front end for mobile access and back-end backup.  In the middle of this mess, productivity workers struggle with shredded formats and the confusion of highly interactive and data intensive / time-sensitive compound documents going static (pdf) or otherwise disconnected. Intro: "We (Forrester) just published a report on the state of adoption of Office 2013 And Productivity Suite Alternatives based on a survey of 155 Forrester clients with responsibility for those investments. The sample does not fully represent the market, but lets us draw comparisons to the results of our previous survey in 2011. Some key takeaways from the data:   One in five firms uses email in the cloud. Another quarter plans to move at some point. More are using Office 365 (14%) than Google Apps (9%).  Just 22% of respondents are on Office 2013. Another 36% have plans to be on it. Office 2013's uptake will be slower than Office 2010 because fewer firms plan to combine the rollout of Office 2013 with Windows 8 as they combined Office 2010 with Windows 7. Alternatives to Microsoft Office show little traction. In 2011, 13% of respondents supported open source alternatives to Office. This year the number is just 5%. Google Docs has slightly higher adoption and is in use at 13% of companies. "

NSA as the cause of the next major disruption in the social networking service industry?  Grief ahead for Google? Note the point made that: "It's impossible to do a cloud-based ad supported service" where the encryption/decryption takes place on the client side. 

So both Brazil and the European Union are planning to boycott the U.S.-based cloud industry, seizing on the NSA's activities as legal grounds. Under the various GATT series of trade agreements, otherwise forbidden discriminatory actions taken that restrict trade in aid of national security are exempt from redress through the World Trade Organization Dispute Resolution Process. So the NSA voyeurs can add legalizing economic digital discrimination against the U.S. to its score card.

Congress in its wisdom does not publish all Congressional Research Service reports online. The Federation of American Scientists Project on Government Secrecy fills that gap. The report linked in this bookmark is an amazing compendium of research resources on the topic of cybersecurity, with a heavy emphasis on cloud computing. 

Meanwhile, illegal NSA spying is expected to cost USA Cloud Computing companies $35 Billion in lost sales and services. "whistleblower Edward Snowden worked for the CIA, rather than the NSA. Here's the original text in the Guardian: By 2007, the CIA stationed him with diplomatic cover in Geneva, Switzerland. His responsibility for maintaining computer network security meant he had clearance to access a wide array of classified documents. That access, along with the almost three years he spent around CIA officers, led him to begin seriously questioning the rightness of what he saw. He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment. In that quotation, there's the nugget of information that the CIA was not targeting terrorists on this occasion, at least not directly, but "attempting to recruit a Swiss banker to obtain secret banking information". That raises an interesting possibility for the heightened interest in Germany, as revealed by Boundless Informant. Given that the NSA is gathering information on a large scale -- even though we don't know exactly how large -- it's inevitable that some of that data will include sensitive information about business activities in foreign countries. That could be very handy for US companies seeking to gain a competitive advantage, and it's not hard to imagine the NSA passing it on in a suitably discreet way. Germany is known as the industrial and economic powerhouse of Europe, so it would make sense to keep a particularly close eye on what people are doing there -- especially if those people happen to work in companies that compete with US firms.

Closely related: see http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq (,) an article on British telecom's collaboration with wiretapping by the UK's counterpart to the NSA, GCHQ. According to an inside source: "The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain's economic wellbeing." I also recall that years ago during the furor over the Echelon system, an EU Parliament investigation had concluded that there were concrete instances of commercial intelligence being passed on by NSA to American companies. Specifically, I recall a finding that during development of the AirBus, details of its design had been intercepted by NSA and passed on to Boeing. There was testimony received that more generically discussed the types of economic surveillance conducted. http://cryptome.org/echelon-nh.htm (page search for "economic"). The same researcher stressed that in public statements: "Those targets like terrorism and weapons transport are used as a cover for the traditional areas of spying, the predominant areas of spying, which are political, diplomatic, economic and military."

A 2010 decision by the U.S. 6th Circuit Court of Appeals that I had missed up to now. It finds the Stored Communications Act's section that excuses email in the possession of an ISP for more than 180 days from the 4th Amendment's judicial warrant clause. There may yet be hope for cloud computing in the U.S. 

Bye bye encryption :( It's incredible to think this could happen in America. Marbux and I recently signed up for lavabit accounts, hoping to use the PGP encryption. And we knew uber patriot Edward Snowden had used Lavabit. Yet, it didn't occur to us that the Feds would shut demand their information and shut them down. We are fools. We take our freedom for granted and expect the Constitution to be upheld and adhered to. It's the law of the land, and no entity, public or private, can trump the law of the land. Yet, here we are. Totally trumped. No longer free. I feel like someone so used to the passing of night into day and back again, my freedom so caught up within the rhythms of the seasons and the passing of time that I am unable to see that it's become night time and darkness everywhere. There will be no return to sunlight unless we make it so. And the Guardian has it right: Cloud Computing will grind to a halt in the USSA. excerpt: "On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit, an email service that prides itself on privacy and security, abruptly closed his website, posting a short message to his former users. "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit," he wrote. "After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot." Levison might be gagged by the law, but it's not hard to guess at least part of the reason why his site is having legal troubles. In early July, journalists and human rights activists received an email from edsnowden@lavabit.com, inviting them to a press conference in Moscow's Sheremetyevo airport. Given the NSA leaker's understandable desire for security, it is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hand