Linked by Thom Holwerda on Fri 7th Jun 2013 11:40 UTC
Legal This story is getting bigger and bigger. Even though most Americans probably already knew, it is now official: the United States government, through its National Security Agency, is collecting the communications and data of all American citizens, and of non-Americans using American services, through a wide collaboration with the large companies in technology, like Apple, Google, Microsoft, Facebook, and so on. Interestingly enough, the NSA itself, as well as the US government, have repeatedly and firmly denied this massive spying on Americans and non-Americans took place at all.
Permalink for comment 564033
To read all comments associated with this story, please click here.
Doc Pain
Member since:

[Instead of just complaining...] ...where are all the cyber warriors willing to do something about this?

The only thing actually effective "about this" would be to remove many entities being "used" for this purpose. It starts with ISPs recording all the bytes in and out your computer, and your mobile provider storing where you are, whom you call, who calls you, and what's been talked about. Then all the apps, providing data to those running the services you're using. The same for the web. Finally the several organs of investigation. It's not just about the NSA. Investigation services are (partially) interconnected, some tighter, some more loose, so some information flow can be maintained. Think about IRS, state prosecution, police, municipal administration, depending on your country. And things "happening on the Internet" are never really "closed regarding a country", so foreign parties can also participate.

It all starts with users, with their ability (and will!) to provide information. How can anyone posting stuff on "Facebook" still have the idea in mind that "nobody will know"?

So my conclusion is: In order to stop the spying, stop the spies from doing what they do, and stop their objects from happily helping them! This means: Remove their infrastructures, disturb their operations, cause trouble on their side.

Nobody will be going to do this. In many juristictions this is considered a severe crime, punishable with jail time. It's simply dangerous and somehow suicidal to challenge any state or authority. They will justify their existence and defend theirselves at all costs.

Why doesn't someone roll up a bundle of services like e.g. e-mail + social media + calendars + contacts, with the premise that everything that can be encrypted will be encrypted, as few logs will be kept at all times as the law allows and where privacy is king?

First, it will have to be a "registered business" so people start recognizing it seriously. It will of course have to cost money (because "if it's for free, it's shit"). This creates several dependencies to the state (which runs the spying), and it will probably not officially allow a company to act against the state's goals.

Alternatives do exist. They are commonly not in use. Only "few people" know about encryption and how to integrate it into everyday tasks. As long as I own a "smartphone", can I really complain about being spied at? Remember that this is a nice "side effect" (one could claim: purpose) of such devices! (Oh, and the same applies to Internet use.")

The common mentality of "I've got nothing to hide" and "I don't care" (most important "argument"!), plus the increasing contribution to data collection is the problem why people are not aware of what's happening to them.

Imagine big news: "Today, data of every US citizen has been leaked from the IRS databases and downloaded several thousand times from the Internet. Also mail contents, online banking passwords and phone conversations are currently freely available of all US citizens on the web."

Not going to happen.

In Germany there was recently a discussion about a law that should force those who run "security-critical IT" to provide information when a security breach has appeared. Inform who? The victims? No, of course not. Who then? Some arbitrary state authority full of clerks with no clue what they are "administrating"?

Just imagine what would happen if companies and governmental installations would really have to care for data protection, because if they would not, it would always be big news! People would tend to get aware and ask questions. Unpleasant questions. "What are they doing with my personal data? Why do they make money by selling my data to companies to run targeted advertising at me? Why can't I decide about what will happen to my data?"

Another example from Germany: The police has obtained lots of data from people attending a (legal!) demonstration. A high court has ruled that this has been illegal. Consequences? None.

Common argument: "It always happens to the others. It doesn't happen to me. I have no virus." Things need to "happen visibly to the masses" to get any attention, which is a requirement for developing own thoughts and drawing conclusions. We're still far away from that process.

I wouldn't mind paying a few euros a month for such and I'm quite sure such an approach would garner some interest in the tech-crowd.

It's not primarily a question of money. And keep in mind that money will also add "dependencies" (as described above).

Additionally, security of those services would have to be tested intensively. I'm not just talking about "in-house testing", but on "all levels". I'm sure you get the idea: The best encryption is useless when the ISP or the mobile carrier already stores the raw data beforehand. Keeping their customers' data safe (and secret) is something companies claim, but often fail to deliver. The history has proven this fact.

Just imagine hacking (in a broad sense) would be legal. Companies offering secure solutions would be interested in actually delivering secure products, so they would employ good programmers and do proper testing. Today's solution? Run advertisements, put some money here and there (to obtain dubious "certifications" totally unrelated to reality) and hope that nothing bad will happen. And if it does, try to ignore it or blame someone else. This is business as usual. And HR departments, accounting, and management is so much more important than skilled and loyal professionals developing good software and hardware solutions, right? ;-)

Besides, I just don't think the EU will do anything meaningful about this situation or they'll try something half-assed and try to spy on people themselves.

They already do, with the ISPs acting in hurrying obedience. Many datacenters will be built to process and store data. Whole businesses offer "solutions" to the states. Their executives are interconnected with the governments, so it's a "win-win situation" for everyone: "You make the laws that say our spy software is legal, and we offer you the data you want."

The constant dumbing-down of people in the EU will benefit those who plan and execute surveillance. Counter-measures will be fought and declared illegal. People in general won't care. They are made to believe they live in a "democratic and free society with a competitive free market", and anyone questioning this is a "bad person" and will be punished - because this is what those "terrorists" (everyone who's against the governmental doctrine) deserve. People are lazy, and they fear the force and violence of the state, so they do not try to "deviate" and unleash that force.

For companies, it's like playing a game. The game has rules. Those rules are arbitrarily constructed. They do not need to be in relation to reality, logic or rationality. As long as you play according to the rules, you might become rich, or at least you will not be harmed. If you don't obey the rules, you're out.

So I claim that any business claiming to provide a secure solution to communication with no ability of others to spy at, will be out of business soon. They probably won't even find investors, because those who have money can always subject to governmental actions - and they've got "so much more stuff" to lose!

Allow me a final statement. I'm saying this for decades already: Everything that is technically possible will be done, no matter if the public will notice it. And data that has been obtained one time will not be deleted. Nobody deletes anything.

I'm expecting this notice soon: This text has been recorded and will be submitted to state security. Unperson! Open your door and be ready to be taken into custody. Your IT equipment will be examined and destroyed by clueless clerks. Then your face will be shown on TV so honest goodpeople can see how you asshole hackers look like who try to harm the state!!! :-)

Reply Parent Score: 6