Data protection: Angela Merkel proposes Europe network
bbc.co.ukWe begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.
This should not actually be a complicated inquiry.
http://snowdenandthefuture.info/events.html
http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-t...
You heard a lot of stuff from governments around the world in the last two weeks, but not one statement that consisted of “I regret subjecting my population to these procedures.” The German Chancellor, though triumphantly reelected with not a cloud in her political sky, is in no position to say “I agreed with the Americans to allow 40 million telephone calls a day to be intercepted in Germany; I just want them to stop listening to my phone!” The President of the United States is considering the possibility of not listening to thirty-five mobile phones around the world. The other several hundred million people we listen to are stone out of luck.
You understand what a charade this is, of course. The leaders of global societies do not conduct their classified business over their personal mobile phones. Our listening there is not gaining us important military intelligence. The President of the United States is publicly considering not listening to conversations that leaders of other countries have with their spouses, their siblings and their children. But the conversations nine hundred million other people are having with their spouses, their siblings, and their children remain fair game.
Nobody is talking about that; you’re not supposed to think about it.
Surveillance is not an end toward totalitarianism, it is totalitarianism itself.
China kicking out Google doesn't seems so crazy now. The American government is a worldwide aggressor that cannot be restrained. All defenses must be put up in an attempt to stop it.
As a side benefit China has fostered a large homegrown internet industry which many other countries lack. Services like Baidu and Sina Weibo are more than acceptable. Europe is more than capable of doing the same and hopefully with less censorship.
> China kicking out Google doesn't seems so crazy now. The American government is a worldwide aggressor that cannot be restrained.
You're touching on something here. What you're saying is that Google = American government [1]. With the rise of open fascism in the US, the merging of strategic corporations (mostly the technology, entertainment, and banking monopolies) with government interests is become more and more obvious - and scary for that matter.
China didn't kick out Google, Google left. Google is not even blocked like Twitter and Facebook are (though plus and youtube are blocked). The Chinese government is 100x more aggressive than the US government when it comes to monitoring internal Internet activities.
As a side non-benefit of being protected from international services, China's homegrown internet industry is unable to innovate and compete outside of China, where their international competition has no such disadvantage. Services like Baidu and Sina Weibo are just acceptable local copies of successful international services. Europe is capable of becoming like China, but would be crazy to go down that route.
There's some comedy in referring to China as though it weren't one of the top countries when it comes to digital crime sponsored by the state. The only debate to be had is whether the NSA or the Chinese Government is worse in that regard, and that would be a pointless debate, they're both vile.
For the Chinese government this argument may hold some water. I do think that for the Chinese people this is very much a negative though.
When choosing whether you want the American government to have some monitoring power over you or the Chinese government, the answer is beyond obvious [1].
[1] http://en.wikipedia.org/wiki/Re-education_through_labour
I seriously doubt that Merkel's intentions are pure on this. For starters, we know that Germany has given some degree of cooperation in NSA spying, including allowing the US to build an army base that will be used by the NSA[1]. Secondly, we know that the BND used the NSA's systems for its own intelligence purposes[2].
Something tells me this is as much (if not more) an attempt to put European users' data within reach of European spy agencies as it is about protecting European users' privacy. I suppose the upside is that it ensures that peoples' data is in the hands of their own governments rather than being in the hands of governments they have no control over.
[1] http://www.spiegel.de/international/world/edward-snowden-acc...
[2]http://www.spiegel.de/international/germany/german-intellige...
You comment made me curious how many US army bases there are on German ground. More than I expected:
http://en.wikipedia.org/wiki/List_of_United_States_Army_inst...
(Not saying they are used by the NSA.)
But they're important to protect the US from Nazis! Do I have to go Godwin on you so you realize how vital this is?
Initially, they were. Then they became important to protect Europe from the Soviets. I would argue that to some extent they're still fulfilling that function.
But please make no mistake. The extreme right is still popular in Germany and generally in northwest Europe, in some places commanding ~35% of the votes. Far left (meaning having political positions not even American "communists" would support) commands another 10-15% of the vote, even in East Germany where, let's just say that a lot of the population has good reason to distrust them.
Although that has some truth, I would also argue that in today's Europe, the fact that the US has military bases in Germany is more standing on the left foot of the German state. In other words, if you stand on someone's foot, they can't move around that much without you knowing what they are doing.
> Initially, they were. Then they became important to protect Europe from the Soviets. I would argue that to some extent they're still fulfilling that function.
I've got some news for you about the Soviets. I hope you're sitting down...
Personally, I'd rather my information be in the hands of the United States rather than my own governments (the United Kingdom -- unfortunately it's with both!) Your own government can do more against your interests than a foreign government can.
Yes, she intends to put the information of Eu citizens under Eu citizen's spy agencies.
That's what we call sovvereignity. And that is the problem with the NSA.
Shitshitshitshitshit! I knew that this would be the knee-jerk reaction of politicians. If this happens, we will get borders on the internet. And if there is anything which can wreck the internet, borders are it. Now for the first time I'm really scared about the future of the internet. Let's get involved politically now and educate these people about the foundations of the internet, and try to keep it a neutral piece of infrastructure. Curse the NSA for wrecking net neutrality, and other agencies for waging war here. The internet was international and neutral from the start, don't bring your territorial thinking here!
> If this happens, we will get borders on the internet. And if there is anything which can wreck the internet, borders are it.
No offense but this is exactly the option I'd be recommending to U.S. policymakers (i.e. having a "Balkanization Button") if it really comes to gutting the NSA.
Yes, the thing that makes the Internet so good for us is the open borders, but it's also the thing that makes it so powerful for countries that don't have to abide by pesky little things like Western cultural morals.
In no other realm does a potential adversary gain access to a military capability and the Western world opts to leave itself defenseless. And make no mistake, cyber is thought to be a military capability for the likes of Russia (just ask Estonia or Georgia), China, and North Korea.
If pacifism is to be the answer in response to this threat, then that simply means that defense will have to come by different means, i.e. by "battening down the hatches" and sealing off foreigners from domestic networks. If we can seek out threats on networks then the second-best option is to try and keep our networks from being used against us.
Similar logic will then apply in the E.U. and other nations.
> The internet was international and neutral from the start, don't bring your territorial thinking here!
It was hardly neutral from the start, the Internet developed from things like NSFNET and MILNET. Don't be silly.
And either way, "we didn't start the fire"... the NSA didn't invent cyber hacking, as they could only have been hacking themselves at first. Go read "The Cuckoo's Egg" by Cliff Stoll if you want to see where the first wave of state-sponsored hacking started.
Please remember that Germany voluntarily shared their surveillance data with the US, at least according to Snowden. So a country subnet wouldn't have helped at all in this case.
Regarding cyber warfare, maybe the US didn't start this fire, but they definitely participated in bringing war mentality online.
I hope that we as a technological community can fight this on a global scale, not nation per nation. Abusing the internet for espionage and warfare sucks. If we can strengthen security for any arbitrary connection we won't have to divide the whole net into silos. Here, the NSA were really acting against their best interest by weakening existing defenses.
Having several barriers of entry is good practice in security, why not just make sure that there are secured channels with stronger security for sensitive data. We already know that many systems can be improved security-wise, so we'd know where to start! These secured channels most definitely don't have to be by country, and internet could stay as is for everyday communications.
I believe that having an international net greatly helps in preventing wars by building relations between entities in different countries and spreading culture. Let's not forget about the negative effects that would come from shutting this system down by introducing country-nets.
> I hope that we as a technological community can fight this on a global scale, not nation per nation. Abusing the internet for espionage and warfare sucks.
I agree 100%, but the problem is we don't get a unilateral vote.
Geopolitically it makes perfect sense for authoritarian regimes to engage in cyberwar. All legality aside, they would be stupid not to.
There is not much anyone (UN, EU, etc.) can do about it. We're not going to declare war (in the kinetic sense) over the cyber equivalent of spying/covert ops. We're not going to engage in sanctions that strangle both our economies over the cyber equivalent of spying/covert ops.
And they know that, just as well as we do. There is every incentive for them to do it, and essentially no disincentive.
So the cyberwar is on. (And, it's been on).
And that's not even getting into the transnational actors who abuse seams and gaps of jurisdictional boundaries between law enforcement, national intelligence, "dual-use" civilian/military networks, etc. in order to organize their own activities.
The best thing we can do is extremely good defense (which due to scale must be mostly passive with few active measures employed). And we should pursue that, but market pressures will always, always go against that.
Even if the U.S. were to, say, regulate that computer systems should be designed to combat security vulnerabilities (and NIST has just released a guideline on that), other nations would not necessarily do that and so nations without that requirement could run rings around U.S. software shops by releasing buggier software first and with faster feature iteration cycles. And that's assuming you could "fix the market" with proper regulation in the first place, which is certainly unclear.
And where would open source software fall into that? Do we want to forbid individual devs from uploading their wares to GitHub until they've completely a 27-page checklist?
> Here, the NSA were really acting against their best interest by weakening existing defenses.
In fairness AFAICS the one crypto standard they weakened was only weakened against NSA, not in general (though that would certainly not make you feel better if you were trying to hide from NSA). But at the same time I never figured out specifics on whether NSA was convincing companies to ship known-broken code, actively adding other backdoors, or what. But if their involvement was limited to convincing companies like Cisco to default to Dual EC DRBG then that's not nearly as bad as convincing Cisco to ship a broken zlib.
> Having several barriers of entry is good practice in security, why not just make sure that there are secured channels with stronger security for sensitive data.
Even without market pressures, the fact is that cyber defense falls prey to the fact that the attacker generally need only be right once, which the defender must be right every time. I hate to be Debbie Downer here but you're speaking to an extremely hard problem, and it doesn't get any easier if you take all the other possible tools away.
Certainly there are industries taking more stringent precautions, but the problem is that the bum-standard civilian Internet is itself "critical infrastructure", and is the hardest thing to make secure (just witness the spread of NTP-based DDoS attacks). Having citadels of security in a floating maelstrom of unprotected Internet is not security at the national level.
> I believe that having an international net greatly helps in preventing wars by building relations between entities in different countries and spreading culture. Let's not forget about the negative effects that would come from shutting this system down by introducing country-nets.
Well a counterargument is that an international net has allowed smart propaganda arms from all sources to drum up more hatred for America (I'm not speaking merely of things America deserves and should receive blame for.... e.g. both sides in Egypt blamed America and thought America was supporting the other). To be clear, neither the U.S. media or government has managed to engage in "smart" propaganda since the Cold War and the Internet has made the USG in particular look flat-footed.
Look around the Internet and all I see is Europeans calling us fat, making fun of how we measure distance, write and speak our dates (and all this despite American coders at MS being careful to add locale and translation support to their software), and more or less begging for us to take any overseas extension we have back to America.
While I will say that I do prefer an international, open network just as you do, those demanding America to go home may yet get their wish......
I see where you're coming from, but I don't really agree with your conclusions. Yes, authoritarian regimes will keep trying to subvert freedom and abuse friendly initiatives. But the real question for me is whether we need to listen to them or not. Why not just ignore them? Maybe they can get the source for some business system in a successful financial company. But they will most likely never be able to replicate that company, so why bother? Maybe the freedom that an open internet gives is worth the downsides? I mean, it has worked thus far.
Weapon systems and other national security is another thing entirely. Here I'm all for heightened security with the whole shebang: physically separate networks, drives in safes, you name it.
Industrial espionage is a borderline case. Here you might want to heighten security for vulnerable companies, especially the ones working under government contracts. The good news is that these are most likely easily identifiable entities. You could maintain a list of high-profile companies who would have to follow stricter security routines. I'm sure this happens already in the real world, so why not use the same type of policies for internet security?
But I would really like to avoid bringing war mentality onto the open internet. Just like you, I think that the 27-page checklist is completely unrealistic.
> Having citadels of security in a floating maelstrom of unprotected Internet is not security at the national level.
No it's not. But why would you need the national level security? I'm not sure that I'm buying you point about the internet itself being "critical infrastructure". If the army want's to claim the whole internet "just in case", then fine, introduce national borders. But isn't it better if all countries work together to make the internet stronger as a whole, and not abusable (prevent these NTP-based DDos attacks for instance)?
The difference is that I don't think that introducing borders are a good long-term strategy. The example which you bring up about anti-USA propaganda is a good one I think. Because what I see in younger generations is a whole new skillset: the ability to see through propaganda, ads and other manipulative media. Thanks to the internet young people can receive several subjective messages and still form their own opinions. Being on the internet exposes you to trolls, liars, false information, propaganda and phishing attempts every day. And people get better at forming their own opinions.
What I've seen over here in Europe regarding pro- and anti-America propaganda once free information was introduces was the following: First people stopped believing the US hype. The US wasn't such a great place after all. Weaknesses such as poverty and gang violence was exposed. Secondly, anti-american propaganda came in from the east. This was listened to to some extent, but pretty soon it became clear that these guys weren't completely honest themselves. And after 9/11 and the Madrid bombings, I don't think anyone think highly of eastern propaganda anymore. Lastly, more information started to flow in from the "real US". Not sitcoms or fox news, but sites like Reddit and hacker news exposed people to the daily lives of americans. And people started to bond and understand one another. And this is what I think is the power of the internet. If we know each other on the small scale, the large scale fights just won't happen. If the news tells me that Kiev is full of terrorists and war makers, I can just happily ignore that having seen live feeds and talked to the people on chats over the internet. It is worth considering, IMO, just how much this communication is worth. It could be that the Internet is the best enabler of Democratic peace that we've seen this far. Maybe so good that democracy isn't even required for enabling "democratic" peace. And borders could ruin that. For proof, just look at dictatorships. They see this power in social media and are deadly scared of it. They're scrambling for the power to shut it down at will.
> Look around the Internet and all I see is Europeans calling us fat, making fun of how we measure distance, write and speak our dates (and all this despite American coders at MS being careful to add locale and translation support to their software), and more or less begging for us to take any overseas extension we have back to America.
This is just little brother teasing big brother. It's not serious IMO.
>While I will say that I do prefer an international, open network just as you do
Well then, let's think up a strategy which would work without building borders between countries! While isolation is the fastest fix, I think it could be worth it if we could find better ones.
We don't have to sever all the transoceanic cables to protect sensitive networks from foreign intrusion, we just have to stop plugging them into the Internet in the first place.
Which is, itself, Balkanization. It also entirely defeats the idea of having a domestic Internet in the first place. Do you not know of anyone who VPNs into their work intranet over the public Internet? Even the government does that.
The substance is more interesting than the headline: "Above all, we'll talk about European providers that offer security for our citizens, so that one shouldn't have to send emails and other information across the Atlantic"
i.e. government support of alternatives to the US owned networked services that enable the data leakages, not low level infrastructure improvements. Whether or not such a thing is likely to work, I'd be dubious, but if they show even the slightest hint of going through with it the US will go crazy. Likely to be a lot of happy devs in Berlin.
That makes a bit more sense. At the level of infrastructure there already is a "European network", with pretty good interconnects. It's very uncommon for intra-European packets to go via the US, at least in continental Europe. There are some routes where it can happen due to peculiarities of peering agreements, but I've seen it quite rarely. On the other hand, if lots of Europeans are hosting their email in the U.S., then Europe having its own network doesn't do much good: ssh sessions from Milan to Copenhagen go via Austria and Germany, but emails from Milan to Copenhagen take a North-American detour.
On the other hand, any traffic that needs to cross the Atlantic, via the Apollo cables, takes a detour via GCHQ Bude, which is funded by the NSA (http://www.thisiscornwall.co.uk/USA-spent-millions-Bude-spy-...). I suspect a lot of non-US traffic goes via London, too.
Used to be a much greater proportion than it is today, largely thanks to the growth of places like the Amsterdam Internet Exchange.
At one point there was a building on the Isle of Dogs (former island in the Thames) through which an absolutely terrifying proportion of the network traffic for western Europe travelled.
At least as far as visible hops in a traceroute go (admittedly doesn't cover everything, such as fiber-level switching), most of my traffic to the U.S. from Copenhagen currently seems to bypass the UK. A few common transatlantic endpoint pairs seem to be Paris-Ashburn (he.net), Amsterdam-DC (hwng.net), and Copenhagen-NYC (tdc.net).
You're right U.S. companies would not be happy, but in fairness to the Europeans this is exactly the direction that I'd said they need to head in if they truly want no possibility of their data being handled in ways unsupported by European law.
Anything else would be like Google opening an office in France and expecting to comply with American labor laws instead of French ones.
European governments haven't earned our trust any more than the US government. The adversary may vary, but the network is the same hostile environment and should be treated with the same caution.
I would say that at least the German government has a better track record in consumer/privacy protection. Far from perfect obviously, but better.
Germany is part of the Five Eyes/Nine Eyes/UKUSA network [1], which was established so that the respective intelligence communities can share data. There is at least one of the US' Echelon stations in Germany [2].
I would wager that Germany would intercept the majority of traffic in this "Europe network" and then give the stuff to the US. Nothing would change.
[1] https://en.wikipedia.org/wiki/Five_Eyes [2] https://en.wikipedia.org/wiki/ECHELON
That is protection against companies collecting data. It says nothing about the reach of their secret services. Those two things shouldn't be confused. And even if Merkel would wish and be able to rein in Germany's spooks she has no such power over France where tapping everything is seen as perfectly normal.
What so many people fail to realize is that the NSA will try and likely succeed at penetrating these networks as well. The real difference is that they don't need FISA courts to authorize foreign intelligence operations, only domestic ones.
A more self-sufficient European network, especially one that excludes Great-Britain (sorry guys...), would raise the effort required to do surveillance.
The NSA doesn't have a limited budget. It already has more data than it can use.
>would raise the effort required to do surveillance.
The UK isn't the only country that co-operates with the US authorities on this, sadly.
But it's relatively unique in how close it is to the US authorities, since it's part of five eyes.
I don't think any EU network is likely to exclude the UK, given BT's ownership of so many key telecoms patents and the fact that they have the contract to provide external connectivity for the commission, Parliament and Council, the Court of Justice, the Court of Auditors, the European Economic and Social Committee, the Committee of the Regions, the European Foundation for the Improvement of Living and Working Conditions, the European Agency for the Evaluation of Medicinal Products, the Translation Centre for the Bodies of the European Union, the European Food Safety Authority, the European Maritime Safety Agency, the European Aviation Safety Agency and the European Agency for Reconstruction.
It doesn't need to exclude UK membership. It needs to allow all traffic between points elsewhere in Europe to bypass UK networks, and ideally to allow all traffic from other places in Europe to elsewhere to bypass the UK.
And contracts are not forever.
The parent's point was that doing so is basically impossible at this stage in the game short of digging holes and building entirely new infrastructure parallel to what already exists and have someone new who hasn't managed this manage it. Good luck with that :)
This is such a great development, and I fully support it. The more decentralization we can make, the more freedom we'll have. As long as they are standards based, not pay-to-play, and, open to everyone.
Really? Don't you see the Trojan horse here? I tend to feel that this is a European version of FISA 'improvement' act.
Merkel and Holland are politicians of a special kind. Politicians & their intelligence thugs caught in bed conspiring with foreign agencies/corporations against the people they represent. France quietly pushing through military legislation authorizing spying on its citizens [1].
We should not allow governments to have any more control over the internet. Look how much damage has already been done. Instead we need to build decentralized systems [2] and mesh networks [3] to route around censorship and government/corporate control.
[1] http://www.examiner.com/article/france-overtakes-nsa-spying-... [2] http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-cen... [3] http://openlibernet.org/
Well, how does it look when Merkel is talking about the internet.
Germany has a project called DE-Mail. https://en.wikipedia.org/wiki/De-Mail
It's a kind of E-Mail service to improve Data-Protection and get legally binding electronic communication. So far so good.
But how is this done, and what are the impacts. At first E-Mail got a price tag. Second, there is no End-To-End-Encryption. Third, you're legally bound if they say this mail arrived, no matter if you even noticed or read. 4th there are public companies involved, able to read high sensitive data sent by DE-Mail, because there is no End-to-End communication. This companies are also able, but not allowed, to send legally binding mails in your name. How could you prove, you didn't sent?
This is the context, when German politicians talk about the internet. They have no clue.
I wonder if when all of this NSA spying was starting out in the government offices in Washington D.C.; did anyone think about the law of unintended consequences? Trying to spy on everyone in the world is a massive project. Placing oneself into everyone's private lives goes beyond simple hubris. It's megalomania.
I wonder if even now, those involved, have any idea of the nature of what they've done and what the magnitude of the consequences are shaping up to be.
I hope it's more like "EU" than Europe, because countries like UK seem more than happy to sell the rest of us out. In the end the solution will be to build trustless P2P networks, everywhere, but the only way US and US companies will agree to allowing something like that will be if EU pushes for localized EU networks and stuff like this to make their life too hard otherwise.
I was just reading the history of the EU. So UK was part of the outer 7 European states. On the enlargement of the pre-pre-cursor of the EU to the pre-cursor of the EU in 1960
"However, then–French President Charles de Gaulle saw British membership of the Community as a Trojan horse for US interests, and hence stated he would veto British membership." (http://en.wikipedia.org/wiki/Inner_Six)
Ha, he was probably right. But you will never get rid of us now!
Er, the UK has been part of the European Union since 1973.
Cameron promised a referendum. I hope they get out for good this time.
Heh, there is absolutely no way that the Conservatives will let the UK leave the EU. This is an empty promise to try and stop their grassroots voting UKIP.
The thing it, while many of the people who vote Tory want the UK to leave Europe, the people who actually fund the Conservative party make a lot of money from being part of the EU. The disconnect between the voters and the funders of the Conservative Party has been a defining feature of theirs for decades.
This is why mentioning Europe is so destructive for them, because they have to stay in Europe, but cannot publicly admit that.
Heh, there is absolutely no way that the Conservatives will let the UK leave the EU. This is an empty promise to try and stop their grassroots voting UKIP.
There will be a certain irony if the Conservatives lose out at the next general election because UKIP divides their vote and something between a Labour landslide and a Labour-Lib Dem coalition happens... because of the AV voting reforms that the Conservatives heavily opposed a couple of years ago.
This looks rather clueless, I think. As others have mentioned, the problem isn't so much in the interconnects, but more with the services being used. But there isn't going to come a new Facebook or Google out of Berlin - or anywhere else for that matter.
What would be helpful would be decentralized services that match the user experience of the existing ones. But that kind of innovation isn't what's going to be discussed here, I'm afraid. On the contrary, such eavesdropping-safe technology would be viewed very conspicuously by the non-tech savy politicians in Europe and other places.
But there isn't going to come a new Facebook or Google out of Berlin
That is, in part, because the kinds of privacy invasion those two organisations routinely conduct would probably have been challenged earlier and more aggressively if they had been within European jurisdiction, and particularly within Germany.
This is a feature, not a bug.
As a symbolic show of good faith, let's start by doing away with the cookie disclaimers.
While I welcome the initative, I think this a case of sky hooks and tartan paint.
I also find it highly amusing that based on her comments she suggests that the UK is considered to be outside Europe.
Based on the UK's actions they consider themself the same.
EG. Hacking Belgacom to to snoop on the EU.
It's helpful to distinguish between the country, its general population, and the actions of certain parts of its government in these kinds of discussions. The average citizen in the UK no more knew about, supported or condoned a lot of the recently disclosed intelligence-related activities than the average US citizen knew about, supported or condoned the recently disclosed behaviour of the NSA. If anything, I suspect there is a lot more latent resentment of these government behaviours in the UK, because we don't as a rule exhibit the same kind of patriotic fervour that significant parts of the US population do when it comes to military/intelligence matters.
UK media very often use Europe this way as well. It is as least as common to talk about the UK vs Europe as it is to talk about Europe and including the UK in that.
(So also be wary about that when interpreting comments - if they're paraphrased in UK media, this can easily creep in)
Does that even make any sense?
Would they force European users to not use GMail? Or force GMail to create a European branch?
I don't think governments prescribing what services to use is a good idea...
What part of the idea that data does not have to pass through the united states does she not get? Apparently all of it.
Don't give your data to US. Give it to Germany!!