Group items tagged

Yee-haw! E.U. sanctuary and rewards for NSA whistle-blowers. Mandatory warnings for customers of U.S. cloud services that their data may be turned over to the NSA. Pouring more gasoline on the NSA diplomatic fire. 

The European Community's Court of Justice decision in the Safe Harbor case --- and Edward Snowden --- are now officially downgrading the U.S. as a cloud data center location. NSA is good business for Europeans looking to displace American cloud service providers, as evidenced by Microsoft's decision. The legal test is whether Microsoft has "possession, custody, or control" of the data. From the info given in the article, it seems that Microsoft has done its best to dodge that bullet by moving data centers to Germany and placing their data under the control of a European company. Do ownership of the hardware and profits from their rent mean that Microsoft still has "possession, custody, or control" of the data? The fine print of the agreement with Deutsche Telekom and the customer EULAs will get a thorough going over by the Dept. of Justice for evidence of Microsoft "control" of the data. That will be the crucial legal issue. The data centers in Germany may pass the test. But the notion that data centers in the UK can offer privacy is laughable; the UK's legal authority for GCHQ makes it even easier to get the data than the NSA can in the U.S.  It doesn't even require a court order. 

I'm struck again by the poltical brilliance of Russia's decision to drop the South Stream Pipeline in favor of a new pipeline through Turkey to the border with Greece. Russia has gained an ally in Greece in terms of fighting economic sanctions on Russia and reinstating trade between Russia and the EU. Greece has veto power in the EU on any new sanctions or renewal of existing sanctions, at least most of which have sunset provisions. Russia also made allies of two NATO members, Greece and Turkey. And Greece is positioned by its threat of refusal to repay debt to the troika banksters to break the absolute hold the banksters have on monetary policy in the Eurozone. Russia magnifies that threat by saying that it is open to a proposal to bail out the Greek government. Not yet known is whether a condition would be abandoning the Euro as Greece's own currency. Greece might conceivably reinstate the drachma with its value pegged to a basket of foreign currencies, including the ruble and yuan. In other words, Greece leaving the EU and NATO and joining BRICS is conceivable.

Finally, acknowledgement that the growth of the cloud computing industry will likely be affected greatly by disclosures of widespread US and UK storage and surveillance of digital data. But will this be enough to turn cloud computing companies into staunch advocates of reining in the NSA and GCHQ? Note that the emerging E.U. position creates an economic advantage for cloud computing companies with their server farms located in the E.U. (likely excluding the UK). 

High comedy from the office of the U.S. Trade Representative. The USTR's press release is here along with a link to its report. http://www.ustr.gov/about-us/press-office/press-releases/2014/March/USTR-Targets-Telecommunications-Trade-Barriers The USTR is upset because the E.U. is aiming to build a digital communications network that does not route internal digital traffic outside the E.U., to limit the NSA's ability to surveil Europeans' communications. Part of the plan is to build an E.U.-centric cloud that is not susceptible to U.S. court orders. This plan does not, of course, sit well with U.S.-based cloud service providers.  Where the comedy comes in is that the USTR is making threats to go to the World Trade organization to block the E.U. move under the authority of the General Agreement on Trade in Services (GATS). But that treaty provides, in article XIV, that:  "Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures: ... (c)      necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:   ... (ii)     the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts[.]" http://www.wto.org/english/docs_e/legal_e/26-gats_01_e.htm#articleXIV   The E.U., in its Treaty on Human Rights, has very strong privacy protections for digital communications. The USTR undoubtedly knows all this, and that the WTO Appellate Panel's judges are of the European mold, sticklers for protection of human rights and most likely do not appreciate being subjects o

If you're in the market to purchase a few cloud server farms located in the U.S., you may want to hold off until the EU Court of Justice rules. Prices could be tumbling shortly afterward.  In related news, Reps. Zoe Lofgren and Thomas Massie have introduced a bipartisan amendment to the annual Department of Defense Appropriations bill (H.R. 4870) that would prohibit use of the bill's funds to: 1) Conduct warrantless searches of Americans' communications collected and stored by the NSA under Section 702 of the FISA Amendments Act. 2) Mandate or request that backdoors for surveillance be built into products or services, except those covered under the Communications Assistance for Law Enforcement Act.

Article includes more detail on individual EU nations' objections, Germany, Ireland, and Italy.  

Meanwhile, illegal NSA spying is expected to cost USA Cloud Computing companies $35 Billion in lost sales and services. "whistleblower Edward Snowden worked for the CIA, rather than the NSA. Here's the original text in the Guardian: By 2007, the CIA stationed him with diplomatic cover in Geneva, Switzerland. His responsibility for maintaining computer network security meant he had clearance to access a wide array of classified documents. That access, along with the almost three years he spent around CIA officers, led him to begin seriously questioning the rightness of what he saw. He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment. In that quotation, there's the nugget of information that the CIA was not targeting terrorists on this occasion, at least not directly, but "attempting to recruit a Swiss banker to obtain secret banking information". That raises an interesting possibility for the heightened interest in Germany, as revealed by Boundless Informant. Given that the NSA is gathering information on a large scale -- even though we don't know exactly how large -- it's inevitable that some of that data will include sensitive information about business activities in foreign countries. That could be very handy for US companies seeking to gain a competitive advantage, and it's not hard to imagine the NSA passing it on in a suitably discreet way. Germany is known as the industrial and economic powerhouse of Europe, so it would make sense to keep a particularly close eye on what people are doing there -- especially if those people happen to work in companies that compete with US firms.

Closely related: see http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq (,) an article on British telecom's collaboration with wiretapping by the UK's counterpart to the NSA, GCHQ. According to an inside source: "The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain's economic wellbeing." I also recall that years ago during the furor over the Echelon system, an EU Parliament investigation had concluded that there were concrete instances of commercial intelligence being passed on by NSA to American companies. Specifically, I recall a finding that during development of the AirBus, details of its design had been intercepted by NSA and passed on to Boeing. There was testimony received that more generically discussed the types of economic surveillance conducted. http://cryptome.org/echelon-nh.htm (page search for "economic"). The same researcher stressed that in public statements: "Those targets like terrorism and weapons transport are used as a cover for the traditional areas of spying, the predominant areas of spying, which are political, diplomatic, economic and military."

One of the biggest dangers to the NSA program that I see just over the horizon is that the E.U. has regulatory powers over Google and the other cloud companies involved in the scandal. If the European Commission decides that these companies can not be trusted to protect user's data, it has more than enough legal authority to whop some serious hurt on the companies. 

Not to mentiont that Russia has deployed its S-400 surface to air defense system to Syria, which is 2 generations later than the currently deployed U.S. Patriot systems. The S-400 can knock down aircraft or missiles flying up to 90,000 feet and travels at over 17,000 mph, very near Earth escape velocity. It has a lateral range of nearly 300 miles.