Yves here. It couldn’t have happened to a more deserving bunch. As soon as Glenn Greenwald started to reveal the extent of NSA snooping, Ed Harrison remarked via e-mail that one of the casualties would be cloud-based computing models. Wolf Richter catalogues the damage so far. And who would trust any of the proprietors, given how obliging virtually all Silicon Valley players have been when it comes to indulging the pet needs of the surveillance state?
By Wolf Richter, a San Francisco based executive, entrepreneur, start up specialist, and author, with extensive international work experience. Cross posted from Testosterone Pit.
The cloud is a growth industry. And a religion in Silicon Valley: you’re better off with all your data and software stored in a data center somewhere on the planet. It’s at the core of Big Data. It’s a beacon of growth that revenue-challenged tech giants like Oracle and IBM wave in the faces of antsy investors.
IBM used the word 14 times during its earnings call in July. “Cloud computing,” “cloud offerings,” “cloud infrastructure,” it was all there. Revenues from the cloud jumped 70% during the first half, IBM bragged – to cover up an ugly tidbit: overall revenues fell 3.3%, and revenues at its US hardware division, Systems and Technology group, plunged 12%.
In between, it mentioned that it would write off $1 billion to pay for axing of 3,300 employees in the US and Canada – “workforce rebalancing,” it called it, and it’s trying to dump the unit. Meanwhile, it’s giving investors some fodder for hope, namely revenue growth from the cloud. Alas, on August 1, IBM admitted that it has been under investigation by the SEC since May on the very issue of revenues from the cloud.
“Cloud computing you can trust,” is the motto on IBM’s Cloud site. Notwithstanding Edward Snowden’s revelations about the NSA’s unhampered access to data stored in the cloud. And it’s serious business: IBM blew $2 billion in July to acquire Softlayer Technologies, which it praised as “the world’s largest privately held cloud computing infrastructure company.” Whatever that means.
The cloud is also the big hope for another revenue-challenged high-tech hero, Oracle. Its cloud revenues were up 50%, screamed the headline on its earnings release for the fourth quarter, ended May 31, though overall revenues stagnated. In the prior quarter, revenues had dropped 1%, instead of rising, with hardware sales being an outright disaster. At the time, Oracle’s fearless leaders ridiculously blamed thousands of “new reps” for their “lack of urgency.” But the global cloud is where the action is for them.
Facebook, Amazon (its AWS hosts a number of big cloud-based websites, such as Netflix), Microsoft, Google… just about all tech companies, online retailers, social media companies, app makers, every company with online storage products, spreadsheets, calendars, collaboration tools, online data back-ups, photo-sharing sites, and what not, they’re all playing in the cloud. You log into a website to access software and your own data – that’s the cloud. In terms of hardware, it’s data centers and fiber-optic links. Thousands of them. Everywhere. Big Data takes place in the cloud. And the cloud is where the NSA goes to pick through everyone’s data.
What we thought had been encrypted and secured on US servers, protected by trustworthy American corporations, has been made accessible, as we now know from the Snowden leaks, not only to companies that are willing to pay for it, but also to the NSA, other members of the Intelligence Community, government agencies in the US, state and local law enforcement agencies, as well as allied foreign governments. Made possible by formerly secret provisions in the Patriot Act and the Foreign Intelligence Surveillance Act.
But there is a price to pay. Tens of billions of dollars, it turns out. The reactions by foreign companies and governments to these revelations have “an immediate and lasting impact” on the US cloud computing industry, determined the Information Technology & Innovation Foundation. In its report, the ITIF estimated that the global market for cloud providers will be $148.8 billion in 2014, $160 billion in 2015, and $207 billion in 2016 – double the size of 2012, and more than four times the size of 2009. Companies in Europe and Asia are trying to grab market share, often with generous help from their governments. Now they have new ammunition.
In a survey conducted after the Snowden leaks, 10% of the foreign companies using cloud computing services said they’d already cancelled a project with a US cloud provider and 56% said they’d be less likely to use US-based providers. Conversely, among US stakeholders in the cloud sector, 36% said that the NSA leaks would make it more difficult doing business outside the US. The report estimated that if US cloud companies lose between 10% and 20% of their foreign business over three years, it will cost them between $21.5 billion to $35 billion.
But the report cautions it could get much more expensive “if foreign governments enact protectionist trade barriers that effectively cut out US providers.” In Europe, momentum in that direction is growing.
German Federal Data Protection commissioners threatened with new bureaucratic hurdles. Interior Minister Hans-Peter Friedrich announced that “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.” And Justice Minister Jörg-Uwe Hahn called for an outright boycott of US companies.
Similar maneuvering is underway in France. “It’s extremely important to have the governments of Europe take care of this issue,” explained Jean-Francois Audenard, the cloud security advisor to France Telecom; “if all the data of enterprises were going to be under the control of the US, it’s not really good for the future of the European people.”
Even before the leaks, the European Commission was trying to stymy US-based cloud providers by using data security as a fig leaf for competitive considerations. It’s “about building a new industry, and better competing against the United States in particular,” its European Cloud Partnership pointed out. Now its focus has sharpened.
Dollars are already shifting. Mateo Meier, CEO of Artmotion, Switzerland’s largest hosting company, said that revenues jumped 45% since the Snowden leaks. Global companies like IBM and Oracle, that are staking their revenue-growth hopes on the cloud, will feel – or are already feeling – the pressure. And once again, they might have to put their most creative minds to work on finding new excuses for their revenues debacles.
From tiny app makers to giant telecom companies, they’re all chasing after billions by collecting, storing, and mining personal data. Data is money. Much more than money, if governments get it. Which led Cullen Hoback to lament about his new documentary on privacy: “The craziest thing is that I didn’t realize I was making a horror film.” Read…. The Worldwide Surveillance And Privacy War (Which You Already Lost).
Not everyone wants to own computers, any more than they want to own cars or washing machines. A properly run cloud computing system would be beneficial to a lot of people. Sadly it doesn’t appear that either the government or private industry will be providing one any time soon.
Even if they did want a properly running system, there are huge technical, practical and legal issues that the drive to push us into the cloud is glossing over. Add to this gloss the fact that consumers and non-tech businesses don’t understand the issues, and its a major crisis waiting to happen. Search hacking and cloud computing. You can find a lot of scary stuff even if the NSA weren’t on the radar.
One wonders at the real need for cloud computing when an iPad 2 has more computing power and storage than a Cray 2 supercomputer.
No doubt cloud computing has it’s advantages, but it would seem that the only real gains are being had by those benefiting from the end users input.
The cloud exists to shift users over to a subscription-based system from a license-based system. This gives software companies a locked-in customer base and a steady revenue stream.
Cloud-based data storage makes off-site storage easier – but also has its own perils in the form of data security issues. If the data is stored securely, what happens if the computer with the encryption key gets destroyed? If you’ve got secure off-site storage for the encryption key, why use the cloud? What if the government is obtaining your username and password from the provider under a broad FISA business records subpoena, and that government computer gets hacked?
Technically speaking, it isn’t that hard to apply military-grade encryption to data before uploading it to a cloud for storage.
But you then have to contend with military grade code braking as well. It seems inconceivable to me that NSA has not dedicated a lot or resources to code braking efforts. We are at war after all.
It has recently been explained to me that many current “deep inscription” methods still depend on cipher-keys that can be intercepted or fished out by other methods. So the larger the data-cash, and the more frequently it is accessed, the more likely it will be that the cipher will be intercepted.
There is also the nature of the data itself. Consumers don’t have privacy rights. We all leave virtual foot prints just thought our daily activity. If you use start-card to buy gas, some one now knows how much gas you bought that day, where, for how much, and what grade you selected. That data then gets sold into the NSA data-market and used how ever they see fit. You can’t encrypt that because you don’t control the data.
Pay with cash and the problem gets solved (unless that camera videotaping you as you fill up is connected to the cloud).
Once upon a time there were two middle aged people who met through their professional occupations. She was hot and he was a senior executive. The only problem was that they were married to other people, so they tried to keep their budding affair secret from all their friends and associates. Like all modern lovers they couldn’t resist texting their thoughts to each other every day they were apart.
In order to keep their electronic communications secret they set up a mutual drop box that they could access by using the same password, just like 13 year old kids used to do years ago when they wanted to keep their conversations away from prying parents. Of course their affair soon became public knowledge, and he was forced to resign in disgrace from one of most powerful positions in the world.
His name: General David Petraeus, former head of the Central Intelligence Agency.
Now if the head of the CIA doesn’t know enough to use even common encryption software like TOR when trying to protect his privacy and career, how much credibility should we give to the “chatter” his former agency supposedly collects that is then used to provide a smoke screen for politically motivated actions and undeclared wars?
The affair wasn’t exposed because of their drop box. Paula Broadwell, the general’s lover, was using an anonymous account to harrass a woman she saw as a rival for her lover’s affection. She used an anonymous account, and she only logged in to that account from hotels, coffee shops and the like. But she was on a book tour (for a hero-worshipping book about her paramour!), and when the feds tried to figure out who owned the account, the trail of cities it had been accessed from matched up with her book tour.
And does that (accurate) account of the outing disprove my point that the CIA director didn’t have a clue about how to protect his privacy? Or that Terror Alerts have a lot more (historically verifiable) correspondence to Machiavellian political maneuvers than to actual threats?
I never liked the idea of handing over my data to a forkin’ cloud. Too big brotherish. Turns out my fears were well founded.
At the margin, this NSA business may make businesses less inclined to outsource. Although it’s kind of early to see that much impact. And IBM is playing catchup to Google, Amazon, VMware.
Tough call, to forego the kind of cost and scale advantages people get from Google mail, or Amazon infrastructure and every type of application as a service.
“Tough call, to forego the kind of cost and scale advantages people get from … Amazon infrastructure and every type of application as a service.”
You and Middle Seaman (below) and I know this. But most people think of Amazon merely as a giant retailer and have no clue how advanced Amazon’s cloud services and rentable infrastructure already were as early as 2007.
For those who don’t know: essentially, for the last half-dozen years one can rent from Amazon’s EC2 service virtual supercomputer capability tailored to one’s needs for $50 (or not much more) that one probably couldn’t have rented or bought for anything less than some substantial fraction of a million dollars half a decade earlier.
Most of you are never going to need supercomputer capability, of course.
I’m sure there’s plenty of Amazon/Bezos hate out there and that’s fine. But Amazon is far, far more than a giant store and has been in some ways more scarily advanced than Google. Look at how simple and clean just the EC2 interface is —
And then there’s Amazon’s Mechanical Turk, for when you need some cheap meatware —
“Amazon Mechanical Turk is a marketplace for work that requires human intelligence. The Mechanical Turk web service enables companies to programmatically access this marketplace and a diverse, on-demand workforce. Developers can leverage this service to build human intelligence directly into their applications.
“While computing technology continues to improve, there are still many things that human beings can do much more effectively than computers, such as identifying objects in a photo or video, performing data de-duplication, transcribing audio recordings or researching data details. Traditionally, tasks like this have been accomplished by hiring a large temporary workforce (which is time consuming, expensive and difficult to scale) or have gone undone.
“Mechanical Turk aims to make accessing human intelligence simple, scalable, and cost-effective. Businesses or developers needing tasks done (called Human Intelligence Tasks or “HITs”) can use the robust Mechanical Turk APIs to access thousands of high quality, low cost, global, on-demand workers—and then programmatically integrate the results of that work directly into their business processes and systems … at a lower cost than was previously possible.”
This is old news for some of us. But for the rest of you, Amazon has been doing this for most of the last decade. Impressive and scary, huh?
Why else would have Bezos purchased WaPo?
Simple: to make sure that on this side of the pond he can squelch any dissidence against the cloud model. Unfortunately for him, The Guardian also has the same docs and has continuted the Chinese Water Torture against the Surveillance State.
Bezos has one chance to be on the right side of history-but I fear he’ll blow it in order to protect his archipleigo.
Now if the rest of the world can begin to wrest control of the DNS root servers away from the US, then maybe humanity stands a fighting chance-but I’m not seeing a whole lot of movement in that area.
As someone who works with both cloud services and physical servers on a daily basis. I can tell you that in many cases, unless you have a very ‘webby’ application that needs instant scaling, the cloud is not that economical and can be in most cases more expensive.
I know many firms who have pulled out of the cloud after very bad experiences.
Everything depends on your app and it’s the addage, the right tool for the right job.
Unfortunately most IT execs don’t get that.
Bingo! I’m in the same field and we just dealt with a 150 person office who made the move “to the cloud” only to discover that due to compliance requirements and lots of minor issues the move was not worth it. Further, we caution a lot of our clients who want to do a hosted solution to first run the numbers. We provide secure hosting as well, but in many, many, many cases it is simply not worth the cost especially when for most of our clients a buy-once-every-seven-years strategy pays off handsomely.
Bigger outfits who need scaling? Absolutely – makes perfect sense.
If a law firm goes the cloud route, what’s the danger of federal and state agencies hacking their files when the firm is representing clients in cases involving those same agencies?
I’m just making a WAG, but I’d say, oh, about…100%?
I wonder just how much of an earnings hit the US Cloud industry will suffer in the long-run thanks to the NSA and their penchant to “raidasphere”.
As the CIO of a company, you spend much time and money to protect the company’s data and you undoubtedly don’t need the contractor you entrusted your data to, to go behind your back and provide open-access to government.
However, in many EU countries, security agencies do not presently have to go to court to get access to data in the cloud. When more companies and their CIOs become aware of this, there will undoubtedly be less cause for alarm about using a US cloud provider despite the PATRIOT Act enabling NSA surveillance.
In addition, as an end-user, you sign away your right to digital property through service subscriptions anyway.
The only really secure way to store data – and this is not 100% foolproof – is probably splitting each byte over at least half a dozen clouds or more in different countries though this would be deemed amateurish by WikiLeaks standards, that I am sure of!
Even before the Snowden revelations I was somewhat skeptical of cloud computing because using did not seem
safe for storing ones porn, pirated movies or corporate secrets, let alone lolcat pictures.
It’s not just foreign companies abandoning the big names. British PC magazines are already sporting headlines like “Abandon Google”, telling users how to use local encryption, where to find European-based alternatives to American e-mail & social networking providers, and how to use local backup software. The foreign market for individuals for the big US names is DOA.
In this country, I think there will be a slow, yet undeniable reduction in the use of Facebook, et.al. People will start to question whether they need to give these companies, and thus the government, all of this information. Just as there was a critical mass of usage that made these services popular, there may be a critical mass going the other way…if someone’s friends & family start to reduce their usage, then people may question why they shouldn’t reduce as well. And while corporate users would love to get rid of their IT departments, YESTERDAY, having every corporate secret handed over to the feds & every Chinese hacker on a silver platter may disuage them from doing so.
The other comments remind me of a recent “adventure”…I was in Staples a few months ago, looking at external hard drives. One of their overpushy salesmen comes up to me and says, “Have you considered Carbonite online backup?” I said, “No, I’m just looking.” And he still proceeds to go into the sales pitch. Then, before walking out without buying anything I said, “Let me stop you…I am not interested in having every file I have, rifled through by somebody at some cloud company.” Right idea, wrong scale.
“Just as there was a critical mass of usage that made these services popular, there may be a critical mass going the other way…”
Bingo, give that man a cee-gar. This is quintessential herd mentality for most retail users. They are already spooked, the more tech savvy the more spooked. The more tech savvy are usually opinion leaders in their circles. What is now fashionable but fading may soon be a freakin’ fatality.
These companies are in high-gear to turn off generations of users of these services, leaving the too dumb, too disengaged or too busy to care still using them.
In all likelihood, at that point there will be some sham Congressional action to give the appearance it’s all been reined in and everyone can go back to their old ways.
I’ll bet it ain’t going to happen. These clowns have engaged in a brutal game of self-abuse and it’s going to be a hoot to watch it unfold.
Several clarifications are in order. The cloud is here to stay. Failing to use the cloud for whatever reason disadvantages large and medium companies substantially. Most data companies and people own are of no interest to the NSA or any other spying on its citizens agency. NSA will not be alone for long. Other countries, including the Europeans, will start snooping around sooner or later.
Big Data and the cloud aren’t the same. Big data results from the explosion in data we produce and use. Medicine, for instance, has huge amount of measurements that at times have to be mined for meaning, triggers, trends, etc. Whether the data is on the cloud or on local data servers, big data is here to stay.
The cloud enables massive sharing and collaboration. Modern organizations exploit collaboration and sharing to improve productivity and quality.
What the NSA does is highly influenced by non-security factors. Huge inequality makes the 99% non-entities that can be spied on. Companies are people means actually that people are way less valued than companies and, therefore, people don’t even deserve rights. This authoritarian view will not stop were we are now. We haven’t seen nothing yet nor will it stop at our borders. Europe will get there fast and furious.
From what I’ve read recently, the European govs are already long experienced in snooping and at any rate, it’s naive to think any gov wouldn’t extend its reach as far as it can. Power does that.
France is the birth-place of the security state – see Colbert (http://www.wondersandmarvels.com/2009/07/the-information-master.html ) – or Fouché. And the state hasn’t lost its delicate touch : http://www.theguardian.com/world/2013/jul/04/france-electronic-spying-operation-nsa . As to the Brits …
I think, drilling down into my attitudes on this a little deeper, it’s not that I have a problem with mass data collection. I’ve always viewed the Internet as a quasi public space anyway, a bit like having a conversations with individuals or a group in a convention centre.
So, sometimes you get eavesdroppers. Okay, my choice whether to talk about those subjects at that venue with those people. Or not.
Where I get tipped over into the “big concern” camp is who are those eavesdroppers and what are they going to do with what they overhear. Which is, fundamentally, a rule of law question.
If I know that I live in a state which affords due process, the right to a fair trial and protects the citizen from abuse then I’m less concerned.
Conversely, if I believe there is a risk that I’ll be extradited on the flimsiest of evidence — or, worse, guilt by association — to a regime which will without any qualms in the slightest do a Bradley Manning on me (that’s you I’m looking at, America) then that’s entirely different. Suddenly, those eavesdroppers aren’t just being a bit curious, they’re a menace.
Bottom line, then, is what we have to fear most is the debasement of the rule of law. The snooping and surveillance society are operational tools of the debasers. But the debasers are the actual threat.
This “I have nothing to hide” stance is very naive.
One of my buddies, a former diplomat, rearranged his life in a very serious way in terms of how he used technology when he got wind of the Snowden revelations. He clearly had not been a snoop (otherwise he would not have been unaware) and I’m sure he’s squeaky clean.
I won’t have anything on a cloud server. I’ve never liked the Apple synching, convenient as that supposedly is. Everything important to me is on servers by vendors I pay and where I am a meaningful client, not behemoth bureaucracies. If there’s ever a demand for discovery, I can fight that and reimburse my vendors for following my lead in those actions. If Amazon got a request for information, it would be turned over in a nanosecond. There are practical as well as surveillance reasons not to go with these ginormous companies. I’ll pay for backups on servers in racks all day to have a smidge more control.
So if a guy who does understand the reach of the government reacts this way, why should you be so confident?
That’s why I run my own server where I have to hand-key my passwords to unlock my encrypted drives.
And the reason why IBM’s hardware division was down? They introduced the zEC12 and got a lot of buyers upfront to make the previous year’s numbers look good. One problem, tho: licensing IBM and other third-party software takes a serious bite out of corporations budgets when you move up the CPU chain-especially if you’re running EC12’s under the legacy z/OS platform as opposed to buying them to run Linux/Java workloads as a server consolidation strategy-at which point, commodity hardware gets competitive against legacy big iron.
Worse still-the generation that kept mainframe’s alive are starting to retire, and the education system hasn’t taught those skills for two decades. And many corporations, highly dependent on that base, get a big sticker-shock when they look at re-platforming core systems as opposed to nibbling around the data delivery edges.
The cloud(s) is not for your convenience; the cloud is for _their_ convenience. Stop and think about that.
Of course your data and your usage is being mined by your mega-corporate ‘service [sic]’ provider. Look at Facebook: it’s your DATA that they are after, because of how they re-sell and on-market partial access to it. It’s the television principal: pretty pictures are pushed out ‘for you’ so that your retina can be rented to third-parties for their advertising/messaging.
Then there is the learned dependency of needing the cloud for anything at all you want to do. Your data, your communications, your processing, your archives, your group actions: all of that is under the control of someone not-you. Some corporate someone who cares less than nothing about real-you. You cares far less about Real-You Co. than it does about some marginal ‘improved efficiency’ in its core, which said change nukes your model or data, whichever happen to be in the way. And worse, your access to all of that, back-ups included, can be interdicted at the tittle of a keyboard in a control room far, far away—and real-you is SOL. At any time. For any reason. That’s even without Big Guv Police dropping a viral pellet in your storage because you happen to be on somebody’s Excreta Agenda.
Sure, for medium and small companies which can’t afford to run real IT departments the cloud can save them immense amounts of money, in exchange for turning them into the digital serfs of Big Corp. Because that’s the way it is: Big Cloud Corp doesn’t work for you, you bow and scrape to them for the right of your business to continue to exist, once you’ve signed over your complete data and back office to them. You can’t even switch to a competitor: systems may be deliberately incompatible, and the crossover time is mission prohibitive. You are very likely wed to Big Cloud Corp forevermore. Who never explain. Who never answer the customer service line. Who don’t care if your business’ oxygen gets crimped for [whatever reason] just a few hours longer than your business can survive. So sure, use Big Corp’s Big Core for non-core activities if you choose; especially if it’s free. Just don’t put anything really important in the ether without understanding that you’ve simultaneously handed a kill-switch for your company to whoever operates that core.
Oh and collaboration = groupthink. Think about that the next time somebody wants to sell you on the necessity of ‘collaboration.’ Most innovation, ever, has been 1-3 people in a cluttered room somewhere. Collaborators don’t rock the system because they’re all arm-in-arm. And that leads me to a parting shot, that the cloud is just the latest ‘tech will save our souls’ pablum we’ve heard for four generations. Tech enables somethings, while disabling others, and increasing ‘data drag’ on actually thinking, producing, or enjoying anything. Techites think they’ve found a digital Shangri-la: I’ll bet that’s what the morlocks thought when they went down into the core int he last days they looked human, too.
Sure, for medium and small companies which can’t afford to run real IT departments the cloud can save them immense amounts of money, in exchange for turning them into the digital serfs of Big Corp.
Therein lies the problem. If you are a small or medium business in any kind of space that’s at all competitive, saving immense amounts of money is seldom optional. If you don’t do it, your competitors will and you’ll be priced out. There will likely always be a niche market for the likes of Yves who want their electronic assets physically under their control and are willing to pay a premium for it, but a niche market is all it will be.
I don’t think cloud and security of information are fundamentally incompatible. It would work in the US if the constitution and the law were functioning in the way most of us would expect. The fact that they’re not has many important consequences, of which the possible compromise of the cloud business model in the US is only one.
It’s also possible to do cloud services in some spaces (e.g. storage) with security that’s impenetrable at the server level. Mega (the successor to Megaupload) is based around this principle – the client controls the encryption keys, and even if Mega was raided by the Feds and forced to tell all at gunpoint, they couldn’t give up the keys because they don’t know them. The fact that the US government killed Megaupload and is expending so much effort on trying to destroy Kim Dotcom should help convince you that it’s not just another front for the NSA.
I’m also skeptical about whether owning your own servers gives you that much protection compared to the right cloud service. What if the government just comes in and takes them (a la Cryptonomicon?) I’d think that a cloud service, hosted outside the US in a legal jurisdiction that you trust, and with the right encryption structure, would offer a lot more protection. The biggest barrier for US residents is that the government is well on the way to making uncrackable encryption illegal. It may be already for US-based service providers – for example, Mega might be considered illegal in the US if their inability to decrypt their content is considered to violate FISA compliance.
[I]Oh and collaboration = groupthink. Think about that the next time somebody wants to sell you on the necessity of ‘collaboration.’ Most innovation, ever, has been 1-3 people in a cluttered room somewhere.[/I]
This is simply wrong. If we see so far, it is because we sit upon the shoulders of giants. Our modern society is built on collaborative efforts. Entire pyridines and revolutionary ideas were built upon the research of those proceeding. The Right Brothers and Tomas Edison built their innovations on generations of scientific inquiry that was freely available.
Today – big data is becoming indispensable for both research and government. As we try to make our economy more energy efficient, you know – to produce less green house gas – we need real time data about every one’s power usage and demands in order to manage the grid for this kind of efficiency.
Big data is not a tool of oppression used by corporate oligarchs – it’s just information where there happens to be a lot of it.
Obviously, there are abuses here that need to be delta with. Hard enough dealing with those issues, so we can do without all the boilerplate conspiracy reactionism, thank you
The cloud is evil. These corporations raping your private info for personal profit and to mainpulate and control you are evil. Everyone who works in tech are evil enablers who hate people and want us to give up our bodies and donwload our brains to harddrives on the cloud, like Ray ‘Krazy Kurweil’ and the sigularity religious nuts.
Yes, technology is an evil religion and this guy is a true beliver. What a nut!
I have one word for you, young man.
Terabyte capacity. Turnkey DIY. A decade of refinements in widespread use. Forked as GPL: no NSA-fronted corporations to trust.
There’s nothing wrong with clouds, if they’re yours.
What everyone keeps walking past and fails to graps, is the fact that the NSA has been a HUGE contributor to the Open Source Movement.
Think about THAT for one second.
Right. Waste was from AOL, NSA’s first attempt to make a Disneyfied panopticon. But then people just forked it. SElinux sits on your computer but you can use apparmor instead. NSA couldn’t really compromise encryption per se, it’s too hard to fake. They tried to rig the random-number generators, and got caught. They always get caught, soon enough.
You just get used to ripping the guts out of your computer every once in a while. When I got tired of doing it with Apple I deserted them for ubuntu, which by now is stripped down practically to Debian. If continuing privacy encroachments in ubuntu get on my nerves, I’ll go to openSuse or tails or netBSD or trisquel or Parsix or something, who cares? Before NSA can corrupt open-source completely, the population will break down their doors and carry out their records, like they did to the verminous Stasi scumbags that came and went before them.
Now is the time for retro-computing architectures to get dusted off and re-deployed, simply because like dead languages, few people understand them.
Back in the 1960’s Multics implemented segemented and ring-based security; that has been lost on the current generation of OS architechts-especially an OS whose kernel was all of a whopping 400K in (gasp) PL/1-which outside of Burroughs’s MCP, was unheard of-even more so, since PL/1 was an IBM creation but used by GE and later HOneywell in successive generations of Multics.
Those people, who have a lost a sense of history, are going to have to relive it themselves.
Everything in the Cloud? Dream on.
But wait ! There’s More ! It gets worse…
Not part of my day job, but I am thinking of branching out into something new (shaggy dog story, details not relevant here, lets just say if you’ve spent 25 years in the FIRE industry you’d want out too unless you’re morally bankrupt) and was doing some research on small to medium scale residential HVAC with large-ish volumes of refrigerant in the system. This is relatively new in this sector, where packaged or single air handler arrangements predominate. This has brought up the potential issue of refrigerant flammability and toxicity in certain situations. The economics — and consumer desire — for systems with large amounts of refrigerant in a single circuit might be reduced by perceived health risks and/or costs of leak detection and containment countermeasures.
That’s the back story. So, wanting to do research, I of course thought of the internet. Then… I stopped. Did I really want my search traffic (which would be include how certain refrigerants give off toxic gasses such as phosgene, a chemical weapon of long, as in, WWI era standing when combusted) to be picked up by the security services ? Here in the UK, I tell myself it’s not that bad, I might well be naïve but there you go, but I don’t have one shred of naivety when it comes to the NSA, CIA etc. Therefore, nope, I won’t be looking up toxicity PPMs, ventilation rates for safe dispersal, masses of gas X produced by burning gas Y and so on. I’ll go to the library.
I’ve said here before, I’m the last person to reach for the Tin Foil Hat. But having read what I’ve read, I am certainly not going to take that chance or turning up on some list or other — that I won’t even know I’m on — and having problems down the line.
People’s behaviour is influenced by all sorts of things. Sometimes we’re the fabled “rational actors”. Sometimes, we just play our hunches. Sometimes, we become hugely risk-averse because the consequences, however remote, are potentially way too troublesome for our liking.
Well done, then, NSA, GCHC and your cadre. You’ve added your own little smidge of inefficiency to my working. I really don’t believe I’m the only one. Still, at least the city library gets a bit more footfall…
You are NOT naive or guilty of Tin Foil Hat thinking.
No, this is why I said we all need to research something really weird like that an hour before we all leave for vacation. They won’t come running after you in an hour. And if a whole bunch of people do that (and talk it up in advance as perfectly permissible civil disobedience) what are they gonna do? Have police call on 100,000 people?
We need more wildebeest strategies. We all need to go across the savanna together.
Okay, I will take a risk for the greater good then :-)
What they’d do is simply lock down the airport. “We have intercepts of a plot. (I mean, try and prove we _don’t_, we are the Law and you don’t have security clearance).” We have just seen this exactly while US Big Spy is trying to shove it’s own putative legitimacy under the nose of a querilous Congress. We have absolutely no proof of ‘a conversation INTERCEPTED (*hint, hint*) between bad guys, but the guvming can shut down embassies just the same, and dronssassinate a few dues walking around the outback whose guilt or innocence can never be proved.
Big Gov doesn’t think small. Shutting down a dozen airports would be a feather in their cap to prove the putative relevance of their actual nefarious indecencies (or worse). And in the end, they could always blame _you_, while the mass of the sheepble baa-aaed disapproval.
They do not forget anymore. A year, a decade, they know who crossed the savanna.
Maybe I’m making excuses because I’m a wimp, but there’s a big collective action problem here. Plus, do I want to try this strategy and research ricin or something, and then get stuck at the Atlanta airport six months from now because I’ve been put on a no-fly list?
Some call it being a wimp, others call it being able to see the nose on the end of your face, or facts. Permanent data storage of every key stroke you ever make. Instant retrieval on a keyword that’s the same as any word you ever typed any where any time in your life. Think about it. You’re no wimp.
The wildebeest strategy seems to me a workable response to this police state. A nice addon for Firefox to spew out random searches designed to arouse the interest of the SS. I would call an addon like that “piss into the cloud”.
Yeah, I was saying to Snowden the other day, we need a cloud for all the stuff we got – we been helping him out with the dead-man’s switch, you know, and we were thinking what kind of P2P is best for the NSA blackmail files. We made a animated GIF of the Diane Feinstein lesbian B&D intercepts, and it’s funny as hell, like hippo rut on animal planet, aoooo, aooo, but holy crap, it’s big. Goes on and on till you wanna scratch your eyes out. She’s so old she farts dust but damn, woman can’t get enough. Then we got Gigs of HD video of Scalia and Alito making the beast with two hairy backs. It’s gonna run into money to stream that. Then we got craploads of comical phone-sex mixtapes, we got Lindsay Graham eekin in a little schoolgirl falsetto with Larry King’s fresh meat on the line. Then Ed was sayin we should make a slideshow of General Alexander’s kiddy-porn stash, but I dunno – like shouldn’t we at least pixelate the faces a little? Malia’s in there. So if anybody has technical suggestions lemme know at firstname.lastname@example.org.
“But having read what I’ve read, I am certainly not going to take that chance or turning up on some list or other — that I won’t even know I’m on — and having problems down the line.”
There’s a real danger of that isn’t there, particularly bearing in mind how hard it is to get OFF lists once you’re on them. It’s easy to imagine getting denied entry at an airport somewhere, or not getting a job or contract in something like education or anything connected to the MIC. Perhaps a black smudge with your name on it in some database could be enough to narrowly prevent you getting a loan or mortgage.
The whole “chilling effect” thing is a pain in the neck.
Ala Buttle/Tuttle in the movie “Brazil?”
I have always basically assumed that loading Naked Capitalism several times a day has put me on some kind of list.
Excellent point. I’ve thought the same. Maybe the wildebeest strategy is not as risky since we’re already marked for the kill.
The ‘just do it’ approach starts out by putting up a new application on amazon. There are now a variety of cloud configuration services that allow you to migrate your app to practically any other cloud. I’d personally prefer to host my clients in some place outside the UK or USA; even though I might develop it on amazon. Iceland looks promising.
Also, the chances of me ever buying a chromebook are now zero.
>And Justice Minister Jörg-Uwe Hahn called for an outright boycott of US companies.
Hahn is the justice minister of Schleswig-Holstein, not germany, and he didn’t advocate a boycott of all US companies, but just those handling their users data carelessly.
I feel so bad for them.
When Google pulled out of China because of hacking I knew that cloud computing was going to be a bust. Sooner or later.
Should we call this sooner?
Good grief Charlie Brown, not trust the US? What about not trust the model, period, for crying out loud? You seriously think Lucy only has a US passport?
It’s been absolutely mind boggling to me that people have flocked so unabashedly to this centralization model of the web and the cloud. It’s the ultimate rent extraction model where you pay a monthly rent for virtually every cpu cycle in every web-app you use to grow your data and then you pay more rent to store that data so that the NSA and whoever else that has the price of corruption (pennies if you’re big enough) can harvest it more conveniently. It’s the ultimate trust (…every step you take, every move you make) in the big guy at exactly the time the big guy, or corporate world, or .01% overlords, is/are proving over and over again to abuse that trust for profit, for prestige and for power as if you were nothing more than their meat supply on the hoof.
And that doesn’t even touch upon a darker side. Namely, the model is like an ant colony: it puts the “thought” process as well as the data in the hands of a centralized entity. It’s not just what you think being stored it’s HOW you think that is being centralized and “owned” by others. That may have some efficiencies, but as humans have proven, there are advantages to having each node do it’s own computing as well as having the principal copy of its own data storage. Ant colonies succeed until a predator figures out a single weakness of the queen bee. Human colonies, on the other hand, think for themselves at the individual level and, quelle surprise, rule the world. Granted, given present circumstances, that may be an overly optimistic description of human advantage; we seem to be utterly helpless when confronted with greed as in: Greed R US.
While assuming that we have no control over some personal data – medical, school records, etc. – held in the Cloud, why on earth would anyone keep their personal papers in Amazon, Apple or Google’s file cabinet?
Please excuse the archaic metaphor.
—-It’s the ultimate rent extraction model where you pay a monthly rent for virtually every cpu cycle in every web-app you use to grow your data and then you pay more rent to store that data so that the NSA and whoever else that has the price of corruption (pennies if you’re big enough) can harvest it more conveniently.—-
Thank you. Those factors have been my thoughts on the matter.
I’m not sure what the fuss is all about. Echelon has been known since … well, I’ve known about it since the 1980s.
Echelon are some pretty big dishes in the English countryside that tap emails and conversations transiting east-and-west by satellite above the UK. The NSA can do this, since – last I saw – the UK was not a part of the US.
What the NSA does in the US is something altogether different because there is a law that pertains. It’s called “invasion of privacy”. So as regards “telecom meta-data”, this means it can track who you called/emailed and who called/emailed you if started inside the US – and they probably can word-search either.
Most important is word-searching. Meaning a program “reads” your email and telephonic communication for key-words. Like “bomb” or “the device” or … well, you get the idea”. It then keeps the data and when whatever key-words come up too often, which indicates “suspicious pattern” – they then get permission to listen in from a special court.
Is this “wire tapping”? Yes, now it is. Is it illegal? Well, is the special court, the judges of which are nominated by the Supreme Court Chief-Justice Roberts, illegally justifying a wire-tap? Don’t think so …
Do they really care that you may be cheating on your spouse? Somehow I don’t think the key-word searches include that subject.
Do they care about communication between drug suppliers and dealers? Is that so bad?
So, what’s all the fuss about … ;^)
Do they really care that you may be cheating on your spouse?
Well, it depends. Are you David Petraeus? Or Julian Assange? Sometime in the future will it be valuable to them to be able to destroy you? Do you intend to ever publicly dissent?
Then I think they probably care.
There was a thread a month or so ago on NC about what techniques readers used to protect their own privacy. At the end of the day there is very little one can do without lots of money and/or lots of technical background (which is the same thing really). Now were stuck. It really isn’t going to change without major social upheaval. Few even have a clue of just how far over the edge we’ve gone.
The “net” is flawed by virtue of our own deep flaws. It magnifies them. Even without this cloud business, there would have been a lot of challenges. Anonymity should have been the big craze after the net got going, how to protect identity AND avoid trolls rather than some over the cliff stampeede to mimic a mindless chick dancing in the shadows with a white ipod.
Anonymity and individuality. It was amazing what a single computer could do. Mind boggling disk arrays for pennies that mirrored data in absolutely fail safe ways. Plug it in, 1/2 second, done. Why anyone would want to relinquish that is simply unfathomable and why anyone who stampeded into the cloud would imagine for a minute that they were not giving that power and control – over their OWN computers and their OWN data – up for good by doing so is equally mysterious.
Since 1994 or thereabouts I have not put anything online (or in a telephone conversation) that I wouldn’t want on my employer’s lunchroom bulletin board or posted at the local police station. “Cloud computing” be damned, I’ll have no part of it.
To think that you “need” the cloud, even if you’re a small business, is naive. Talk to an IT professional before you make that assumption. A few midrange computers, Linux and a huge amount of free, easy to use business software reduces cost of ownership. Initial investment may be higher (e.g. about $8000-10,000) for a standard small business (< 25 employee) setup, but over time, you have few ongoing costs other than space and power, and with Linux, none of the internet security or monitoring risks that you'd get with Windows or Apple.
It’s noteworthy that the DoD developed it’s own solution to provide the benefits of the cloud without the hangups: the Grid.
haha, it reminds me of the climax of Glengarry Glen Ross.
“You want to learn the first rule you’d know if you’d ever spent a day in your life? You never open your mouth til you know what the shot is. You ******* child.”
Even better would be fresh Mamet Speak on the NSA…
To clear the air regarding “Mass Surveillance” I suggest reading this WikiP article here.
There is a lot being misunderstood between “tracking data” and “wire tapping” – and Snowden’s revelations have not helped the matter in the least. They have just brought more attention to the level of surveillance (meta-data) and confused the nature of said surveillance (intimating it is indiscriminate and illegal).
I maintain that, in order to actually transcribe any telecommunication (whether emailed or messaged or telephonic), requires a warrant signed by a judge obtained after having shown “probable cause”.
You “maintain” that? It sounds more like you “choose to believe” it. The NSA revelations have been perfectly clear, and they don’t correspond to these fairy tale views.
Is it convenient that what you choose to believe also requires zero effort or action on your part?
I recently owed IRS some back taxes about 2k Odd. I opened a BOFA account where the IRS came to know about the account in less than 5 days and put a levy on my account. I am not debating the crime I did it in the first place. I am saying that if you are on the list, everything is recorded. I am sure they are monitoring my email and Iphone. I moved to the USA thinkging that my parents in India won’t be able to watch every single move of myne and now I have bigger worry than just that —-
GWBUSH IN HIGH SPIRITS
Several writers are expressing it
High Spirits of Jack Daniels???
1800B Budget to 3500B
5800B Debt to 11,900B Surplus to 1400B Debt
237,000 Jobs Per Month to 31.000.
Invasion of two poor unarmed nations
Alienated 1500 Million Muslims..
Snort snort ole Jack gives one high spirits
he cannot travel abroad for fear of being arrested and sent to The Hague.
Umm… as bad as the NSA might be, I doubt the European surveillance state is much behind. Indeed, much of the outrage coming from across the pond sounds to my ear more like envy… You must recall that the UK has been far ahead of US surveillance states efforts. They CCTV’ed the entire city of London to “fight” Irish terrorism but now use it to arrest shady teenagers congregating on steet corners, not to mention virtually ogle attractive women as they jiggle down the sidewalks.
Exactly which nation-state should you locate your cloud in to avoid surveillance? Can’t think of many. And if your data is generated in the U.S and must travel through undersea cables to reach Europe/Asia/etc cloud servers, then your data is already hoovered up by the NSA in transit.
Furthermore, as others have pointed out, the cloud isn’t really a great deal for anyone who can afford to have a decent IT shop. And it isn’t new either. Everything goes in cycles in the IT world. First all data was centralized in mainframes, then de-centralized to PCs, then centralized to client/server architectures, then de-centralized to fat clients, now centralized to “the cloud”, and inevitably decentralized again. What’s old is new again.
Ironically, one of the best platforms for the cloud is an IBM mainframe. Shows you how little things have changed…
P.S. Any of you who think the NSA is only now violating its charter by engaging in domestic spying needs to read James Bamford’s _The Puzzle Palace_. The NSA has been doing this for a long time. If I remember correctly, back in the day, there were only 3 undersea international cables that carried voice data from the U.S. to Europe. The NSA approached AT&T and was able to tap all three, which means they were able to listen to every single overseas phone call made between America and the world (and vice-versa).
For those who think that whatever data encryption you have access to is secure need to think again. The NSA’s stated aim is to be 10 years ahead of civilian cryptographic research (this may now be less tenable because civilian academic cryptographic research is growing and the NSA may not be able to stay as far ahead as it wishes). Given that advantage in both cryptographic research and brute force computing power (they measure their computing power in terms of acres of computers…), I suspect that most civilian cryptographic technology most of us have access to is very likely compromised.
“For those who think that whatever data encryption you have access to is secure need to think again. The NSA’s stated aim is to be 10 years ahead of civilian cryptographic research (this may now be less tenable because civilian academic cryptographic research is growing and the NSA may not be able to stay as far ahead as it wishes). Given that advantage in both cryptographic research and brute force computing power (they measure their computing power in terms of acres of computers…), I suspect that most civilian cryptographic technology most of us have access to is very likely compromised.”
You know what I hear when I read things like this?
I hear the NSA saying “Give up. Leave it all in plaintext. Don’t even try to defend yourself. It’s hopeless. We’ll always win.”
I don’t doubt that one of the NSA’s most fervent wishes is to decrypt absolutely everything, and that they are blowing enormous cycles and brainpower to accomplish that.
But until I *KNOW* it’s irrelevant – until I *KNOW* they can read everything – I’m going to throw caltrops down on the road, sand in their eyes, a veil over everything I can readily control. At the very least they are going to burn some cycles on my ass to read my birthday wishes to family or the like.
This should all be reflexive. All voice traffic should be encrypted, all email should be encrypted already. We shouldn’t even have to ask — the protocols should have REQUIRED it. The failure to enact this demonstrates a craven weakness in the heart of the American software developer.
Is using 4,096 bits of encryption enough? I don’t know. But until I hear otherwise I’m going to try. Because if I don’t, then I KNOW they can read it.
I’m sorry for the confusion. I don’t mean you shouldn’t use any encryption. After all, the principle of computer security is to make the costs of breaking that security higher than the value of the information obtained. There’s no such thing as absolute security.
My point, however, is that the costs for the NSA to obtain and decrypt a message may be significantly lower than what it would cost us in the civilian world. And therefore our security using current encryption standards is lower than we may believe (although the costs may still be higher than the value of the information we send).
Furthermore, I’d bet good money that the NSA isn’t decrypting everything it obtains. It’s merely storing it for now, to be decrypted at a later date when needed. For example, for now, the NSA might store your 4096-bit encrypted messages. If you’re ever placed on a watch list (or God help you, a Kill List), your messages all of a sudden are a whole lot more valuable, and then it’s worth the effort to crack them. If this happens 10 years from now, the algorithm you’re currently using might have been widely cracked already, and your messages might be trivial to decode.
As an example, DES was approved by the NSA in 1977 and widely used until 2002 when it was withdrawn after being cracked. Now, thanks to improved techniques and the exponential rise in computer power, a civilian can buy a machine for <$10k that can crack DES in less than a day.
So I guess what I'm saying is that the value of the encryption technology you (as a civilian) have access to right now is lower than you might think. That doesn't mean you shouldn't use it, just that you should be aware of that. And given that the NSA is planning on storing everything they accumulate for years if not decades, you would need to be using an algorithm that you hope won't be cracked by then.
I agree with Lune generally including that it’s still worth the effort to use up as many NSA computing cycles as you just as a matter of principal.
I would differ only in that I don’t think it’s all that difficult – now, technically – to be reasonably sure of your privacy with the appropriate software and hardware. The trouble is that the stuff costs money and time and knowledge and in some cases, connections. And it’s not a one time up front cost. Its constant upgrades, constant training or learning effort, constant testing for security breaches and vulnerabilities. So essentially, privacy has become and is becoming ever more pretty much the exclusive domain of the rich, the connected, the elite.
Professor Howard Zinn used to love to say in his BU class (or one of them), “You don’t have freedom of speech in the United States unless you own a printing press.”, and he meant exactly the same thing, money.
That’s one of the reasons why encryption technology, moreso than other computer science domains, demands openness. Who in their right mind would trust a proprietary encryption method that has no peer review? Perhaps the only reason why Blackberry is still alive today is that they laid much of the foundation for elliptic curve encryption technology, patenting key portions of that along the way.
And it [the cloud]isn’t new either. -Lune
Well, actually there are a few new things in this incarnation. One, the scope. In previous iterations, the servers you were talking about were for business. Technology simply didn’t exist for mass storage until after 2000. Second, the rental of applications was never pushed and it’s pushing the standalone (traditional programs) off the market – period. The “dumb terminal” was the closest thing to it, and THAT was only for business, and it was pretty much a complete flop for most them anyway. Things were just too slow.
The biggest difference, however, besides scope, is the easy to sell as efficient but ruthless rental model and the likelihood that traditional applications will wither and disappear. This will also raise the bar for developers to start up a company as well. In less than a generation, the cloud and server based applications (web for now) will be like an old boys club; no entrance for the penniless code head with a great idea. It’s difficult to describe exactly why that is so important, but it’s a huge deal to have these companies own not just your data but literally the means for processing it. It means that even keeping a copy isn’t sufficient. It means you HAVE to pay to play. It exposes you to all sorts of nefarious control issues down the road by groups such as the police, etc. And it fosters the attitude that writing software is remote, that programming literacy is simply beyond people’s means if not also their ability.
Finally, it is getting harder and harder for small IT to handle the demands of running a standalone shop without use of the cloud and remote for-rent applications. The for-rent model is seen as potentially the
biggest theftmost lucrative development since the PC and huge amounts of effort are going into making small companies pay the price of not being able to play well without being part of that model. And the model lends itself beautifully to that effort. You can make a gazillion upgrades without the zombie client ever noticing a thing but each one of those upgrades can require major changes for the small stand alone IT shop if format changes or communication and integration is necessary. The people you do business with become totally immersed in the pay-to-play environment and suddenly have a hard time dealing with your data and your methods.
The government doesn’t need the cloud to get your data. Let’s use email for example.
Email is uploaded from your client machine to a server. This connection is almost always authenticated and encrypted. Your email now is on a server… either in a cloud or on a private server. Either is vulnerable to attacks or subpoenas. (IMHO, the cloud is probably safer… less chance for an attack.)
The story doesn’t stop here. Unless the recipient is on the same server, Email is then sent to the recipient’s server (or cloud). This is done via SMTP…. a non-encrypted protocol.
Yes… your email is sent across the internet backbone in plain text.
If you had say a wiretap on the backbone, it would be simple to collect all these email messages (including FB notifications sent via email). You could easily store these in a database, searchable by email address or keyword.
The only reason you’d need to go to someone’s server/cloud would be the 10% of gmail->gmail or Hotmail->Hotmail (or ect) messages that wouldn’t go over the backbone.
If you really want privacy, forget the government, we should be pushing Google, Hotmail, …ect… to support encrypted email.
P.S. IMs are sent plain text too.
A remote cloud storage system requires an excessively large data switching network to allow users access ( at all times) to the cloud. This part of such a remote storage system, the connection between the user and the cloud, seems to receive little attention or discussion, the cost of the network, the maintenance and the power requirements to operate such a network ( a large part of electrical consumption is for the air conditioning systems in data network switch rooms). Pressumably these costs are borne by the customer.
I don’t get it. With 128GB USB thumb drives, why does anyone need cloud storage that is dependent on a network connection again? I never saw any point in it.
Yves, I remember reading back in the late 90s how Hillary Clinton and general Wesley Clarke were investors in a massive data center being built in Arkansas.
From Eisenhower’s speech 1961
“Throughout America’s adventure in free government, our basic purposes have been to keep the peace; to foster progress in human achievement, and to enhance liberty, dignity and integrity among people and among nations. To strive for less would be unworthy of a free and religious people. Any failure traceable to arrogance, or our lack of comprehension or readiness to sacrifice would inflict upon us grievous hurt both at home and abroad.”
“In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the militaryindustrial complex. The potential for the disastrous rise of misplaced power exists and will persist.”
We were clearly and historically warned by Ike! – The Military Industrial Complex now rules all of us and there is absolutely nothing we can do to stop them! Power corrupts and absolute power corrupts absolutely!
If you can imagine it they are already doing it! Welcome o the world of Algorithms in the Cloud!
I’m not sure if this story has appeared on NC yet (I saw it somewhere but can’t remember if it was here) but it’s relevant to the current discussion:
Cool. I got a Nigerian guy working a deal for me.
You sound like the kind of discerning character that could use a good bridge to get from here to there. The prestige and cachet that having your own bridge lends to all your transactions makes you stand out as an entrepreneur among entrepreneurs. And by extraordinary coincidence, it just happens I am selling one such bridge at most favorable wholesale rates.