PRISM

  • 10-06-2013 10:34am
    #1
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭


    Is anyone else freaking out about the possible implications of PRISM as a non-US citizen?

    I use gmail for example. Have their SSL keys been compromised?
    I use lastpass. Have they received an order to hand over passwords on an ongoing basis? (I am seriously considering switching to keepass, what a pain in the face though).

    and so on, and so on. The possible implications of "lawful intercept" on that scale are staggering.



Comments

  • Registered Users, Registered Users 2 Posts: 6,393 ✭✭✭AnCatDubh


    I've heard a little about it but haven't researched too far as yet. Concerning yes - at least until I've done some research, and no, I accept that 99.999999% of individuals won't have anything to hide, but we (I) may not like how information scraped without my consent or the context of our (my) individual consciousness could potentially be used against you (me). OK, I could probably head to the conspiracy theory forum with this one, but.... yeah.... I'm more uncomfortable than comfortable with the notion.
    Khannie wrote: »
    I use gmail for example. Have their SSL keys been compromised?

    If they are sitting with a fat pipe running from the gmail or any other server to their data center then I'm guessing they won't need to worry about security measures like SSL. Encrypt before you hit gmail perhaps. At least that will slow them down and by the time they figure out it was an email from your mother for chicken curry, you'll have long left the country :pac:.


  • Registered Users, Registered Users 2 Posts: 6,251 ✭✭✭bonzodog2




  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    AnCatDubh wrote: »
    If they are sitting with a fat pipe running from the gmail or any other server to their data center then I'm guessing they won't need to worry about security measures like SSL. Encrypt before you hit gmail perhaps. At least that will slow them down and by the time they figure out it was an email from your mother for chicken curry, you'll have long left the country :pac:.

    SSL is sufficiently difficult to decrypt that you wouldn't bother attempting to unless you had direct access to the keys, and even then it would take quite a bit of compute power to keep decrypting the volume of traffic that gmail generates.

    I moved to keepass2 today. I had to assume that lastpass was compromised given all the recent revelations. I must say I feel better already. There was a bit of messing to get it working with my phone and resetting passwords but it was worth it.


  • Registered Users, Registered Users 2 Posts: 6,393 ✭✭✭AnCatDubh


    Khannie wrote: »
    SSL is sufficiently difficult to decrypt that you wouldn't bother attempting to unless you had direct access to the keys, and even then it would take quite a bit of compute power to keep decrypting the volume of traffic that gmail generates.

    Yes of course, but my reading up on PRISM thus far indicates that they (US Gov Agencies) have access under their legislation to your data (which appears to be the quasi-excuse that the Tech Chiefs are quoting - we're doing only what the law says, and in fairness it's hard to disagree with where they find themselves - that, in a democratic and civil society).

    On SSL, won't your SSL only be useful to your email in transit between you and the google gmail server and not as your email is stored on the google server? (I've no particular inside track on what happens on the gmail server so apologies if they are doing something very different).

    Thus, what I was assuming earlier was that if you had a foreign government (foreign to us) who had server level access (fat pipe stuff) then they aren't intercepting anything or needing to decrypt anything. They're just 'legitimately' (as per their law) downloading your email in plain text or whatever -- with the assistance of the american companies -- filtering the downloaded content, and deciding whether they need to put you under the spot light or not.

    Interestingly, talking of direct server access in whatever form that may take, Twitter appear to be also compliant with the legislation but they have a different approach to assisting the government's requests. The law apparently says that they must comply (in giving data) to the US agencies, but what is being quoted in the media that google and facebook are doing is assisting the US agencies in making it easier for them to access the data (my fat pipe analogy above) which I gather is not prescribed in law. I believe Twitter don't (or haven't yet) given anyone the assistance of fat pipe access.

    It also appears the law under which this is happening forbids the companies from telling anyone that it is happening which might explain some of the tech chiefs' pronouncements as to it not happening.

    Still lots more reading to do on it. It is interesting stuff.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    Is anyone else freaking out about the possible implications of PRISM as a non-US citizen?

    Am I freaking out? Nope. I'm not doing anything that the NSA would be interested in. If I was, I certainly wouldn't have a gmail account.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Ah, that old chestnut. "I'm not doing anything wrong, sure look all you want". I read an interesting article on that yesterday that I'll dig out for you.


  • Banned (with Prison Access) Posts: 890 ✭✭✭CrinkElite


    syklops wrote: »
    Am I freaking out? Nope. I'm not doing anything that the NSA would be interested in. If I was, I certainly wouldn't have a gmail account.

    In fairness Syklops (with respect), I think that post is missing the point.
    The issue here is wholesale surveillance of the entire global internet userbase coupled with limitless storage capacity.

    That type of oversight is unprecedented in the history of humankind and the position of power it provides will be unassailable.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    AnCatDubh wrote: »
    On SSL, won't your SSL only be useful to your email in transit between you and the google gmail server and not as your email is stored on the google server? (I've no particular inside track on what happens on the gmail server so apologies if they are doing something very different).

    Ah yes, of course you're spot on. If they have direct access to the servers we're all scuppered.

    Interesting article from bonzodog and that youtube video is definitely well worth a watch.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Same guy alright and the content is probably similar. Thanks.


  • Registered Users, Registered Users 2 Posts: 16,413 ✭✭✭✭Trojan


    bedlam wrote: »

    Good essay, but it needs to be way more accessible for folks who believe "I've got nothing to hide" to understand it.


  • Registered Users, Registered Users 2 Posts: 16,413 ✭✭✭✭Trojan


    Here's one gotcha with KeePass that wasn't very user friendly.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Khannie wrote: »
    Is anyone else freaking out about the possible implications of PRISM as a non-US citizen?

    I use gmail for example. Have their SSL keys been compromised?
    I use lastpass. Have they received an order to hand over passwords on an ongoing basis? (I am seriously considering switching to keepass, what a pain in the face though).


    and so on, and so on. The possible implications of "lawful intercept" on that scale are staggering.

    My Foreign Office never comments on intelligence matters. :-)


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Surprised that no one seems to have mentioned PGP or GPG - you know that can be used to encrypt your e-mails easily and is for all intents and purposes unbreakable provided your key is strong enough?

    GPG4USB is a great, easy to use app for those people who take their privacy seriously.

    Intelligence agencies can intercept your messages all they want, they won't be able to read them!

    More than happy to give details by PM to anyone interested.


  • Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    bedlam wrote: »

    Great article, thanks!


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    bedlam wrote: »

    A bit long winded. Thought-provoking, but as he points out there are a lot of non-specific vulnerabilities and so making the argument against "I've got nothing to hide" is difficult.

    What I don't understand is why is the security community in such shock and disbelief? I, personally, have known about Operation Echelon since the early 90s, as did many people I know. Presumably PRISM is the new name.

    For my own security I employ GPG/PGP where it is plausible to do so, I use LUKS on my laptop and on portable media, I use very long passwords and SSL where I can. This is more to protect myself from stupid people, and malicious people such as cyber criminals etc, and less about protecting my privacy from foreign governments.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    bedlam wrote: »
    That it is, though it does not handle pgp/mime well which is a big downside.



    The word of the week is metadata, they may not know what you are saying but they will know who you are talking to and that may be enough.



    Do it for all to see, that way a wider audience can benefit.

    Well I did write a guide for GPG4USB, sort of an absolute beginner's how-to, as it helps to understand some of the basic concepts behind Public Key cryptography before you use it so you can be sure it is secure. I will post it when I get a chance later today, thanks for the advice!

    As I understand it under UK and US law metadata can be gathered legally but I think you need a specific warrant to snoop on the content of actual e-mails/messages/voice conversations. Of course the allegation here is that certain big names might have shared data like this anyway.

    Ever since being taken over by Microsoft, Skype for instance has been notoriously reticent about whether the encryption they use for their calls is removed as it passes through their servers and passed on to goodness knows who.

    Of course organised criminals know this which is why believe it or not very few drug dealing empires/extortion rackets/terrorist cells are run over Facebook or Yahoo Mail. The only people who stand to lose out are stupid criminals who are likely to get caught anyway and ordinary decent folk like yourselves.

    The criminals on the "deep web" use a combination of the GPG program I mentioned along with Tormail or Torchat to communicate. These both use "onion routing" which makes it virtually impossible to trace the person who sent the message if for instance they are communicating via Tormail.

    The beauty of the Tor project is that the more people who use it, the faster and more reliable the service becomes and the less you have to rely on the government for your privacy, so if anyone is concerned about this I suggest you visit www.torproject.org and take a look at the FAQ section.

    It's really easy to set up and means you can take responsibility for your own privacy rather than trust shadowy corporations and government departments.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    bedlam wrote: »
    They may be easy to set-up but they are hard to get right when you factor in the human element. People will fsck up and no amount of crypto will protect you from that.

    This talk on OPSEC is worth a watch.




    To clarify this, more people using Tor will not make it faster and more reliable. More people running nodes will.


    Absolutely, the more nodes the better as if you're the only tor user in a remote location, it may be possible to pin down who you are through traffic analysis. This risk can be mitigated through having what's known as a private bridge which hides the fact you're using tor but shouldn't be necessary for most users.

    The most important thing to bear in mind is that there is no guarantee of privacy for those people who use it to access facebook or other social media unless you create an entirely new account. Even then if the rumours are true the company in question can theoretically share messages you've sent, so that's where GPG is your friend.

    If it were at all complicated then a technophobe like me couldn't do it, suggest anyone who is interested takes a look.


  • Banned (with Prison Access) Posts: 890 ✭✭✭CrinkElite


    silentrust wrote: »
    The most important thing to bear in mind is that there is no guarantee of privacy for those people who use it to access facebook or other social media unless you create an entirely new account.

    You mean possibility.

    Also, it's long been established that someone who can control a relatively small number of exit and entrance nodes can perform trivial traffic analysis to uncover your identity.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    CrinkElite wrote: »
    You mean possibility.

    Also, it's long been established that someone who can control a relatively small number of exit and entrance nodes can perform trivial traffic analysis to uncover your identity.

    No, I mean "guarantee", that's why I said "guarantee", not "possibility". :-)

    As for uncovering someone's identity through monitoring entry and exit nodes, this is a moot point if you use Tor hidden services like Tormail.

    Of course it would require people to lose faith in mainstream social networking for it to be likely someone else would have a tormail address but then if these allegations turn out to be true, perhaps people will become more privacy conscious and move to the deep web, I live in hopes.

    Edit : My august colleague has reminded me that for those people who are worried about people monitoring Tor exit nodes, complete end to end privacy can be secured through using I2P although I have personally found it much too sluggish for all intents and purposes. The ways in which it is possible to undermine the anonymity of Tor are rather exaggerated in the mainstream media but a number of countries such as Iran and China make efforts to block the protocol, which shows they're doing it right. (See : https://www.youtube.com/watch?v=DX46Qv_b7F4)

    Also to clarify my last point, creating a new social networking account while using the Tor browser will guarantee you that it can't be linked to your identity at the point of creation but naturally if you share any identifiable information e.g create a Twitter account in your own name, it could still be linked to you this way. What's good is that we're discussing ways to help to maintain our privacy, I am very interested in hearing everyone's thoughts! :-)


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Interesting piece by one of the main Tor Developers Jacob Appelbaum on Tor, "Lawful Interception", and personal privacy in the digital age:

    https://www.youtube.com/watch?v=RCYO19YfFfY

    ST.


  • Registered Users, Registered Users 2 Posts: 14,151 ✭✭✭✭josip


    Has anyone had a look at the map of countries monitored? According to newspaper reports it shows data volumes per country, not per capita per country. Is this understanding correct?
    • There is more data collected in Ireland with 4 million people than in all of the UK with 60 million people?
    • Does that reflect a difference in attitudes/compliance between the various governments?
    • Or a difference in perceived threats?
    • Or is it due to the location of data centres?
    • Why is Russia so low?
    • Why are Bhutan, Malawi and Serbia not being monitored?


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    bedlam wrote: »
    This talk on OPSEC is worth a watch.

    Long, but worth the watch. It can be summed up thusly: STFU.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    josip wrote: »
    Has anyone had a look at the map of countries monitored? According to newspaper reports it shows data volumes per country, not per capita per country. Is this understanding correct?

    I haven't seen the map. Have you a link there? I would imagine that Ireland is high on the list because we have a number of very fat connections between Ireland and the US, so traffic routed to (for example) Canada, or almost anywhere in Asia or possibly even the Middle East, will inevitably travel through the US on its way there.


  • Registered Users, Registered Users 2 Posts: 450 ✭✭Ant


    Khannie wrote: »
    I moved to keepass2 today. I had to assume that lastpass was compromised given all the recent revelations. I must say I feel better already. There was a bit of messing to get it working with my phone and resetting passwords but it was worth it.

    Has anyone used any of the command line interfaces to Keepass? I'm currently using a text file encrypted with GnuPG symmetric cipher and stored on a server that I access using OpenSSH. It works but it's a bit clunky and if there was a more user-friendly solution that worked over SSH, I'd like to hear about it.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Keepass has an ssh plugin that allows you to access the password file on a remote server to the best of my knowledge. There are a heap of plugins for it.


  • Banned (with Prison Access) Posts: 890 ✭✭✭CrinkElite


    [Image: Boundless-heatmap-large-001.jpg]

    Is this the map to which you refer?

    There's a Wikipedia page here

    http://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29


  • Closed Accounts Posts: 7,346 ✭✭✭Rev Hellfire


    Khannie wrote: »
    I haven't seen the map. Have you a link there?
    http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining

    The heat map moves from green (least) through yellow (more) to red (most), we're a dark green, the UK a lighter one. You could read it as we're less monitored.


  • Registered Users, Registered Users 2 Posts: 14,151 ✭✭✭✭josip


    The heat map moves from green (least) through yellow (more) to red (most), we're a dark green, the UK a lighter one. You could read it as we're less monitored.

    Thanks Hellfire. Silly me. RTFL (egend).


  • Closed Accounts Posts: 2,827 ✭✭✭Prodigious


    Jabber is an excellent IM client for privacy.
    I have to look into a different email provider. I've been using gmail in general, and of course tormail, but tormail isn't exactly one to be throwing down on the CV. Can anyone recommend any email provider that values privacy and security?


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Prodigious wrote: »
    Jabber is an excellent IM client for privacy.

    Yep. Think I'm going to set up my own jabber server on a box in my house.
    Prodigious wrote: »
    I have to look into a different email provider. I've been using gmail in general, and of course tormail, but tormail isn't exactly one to be throwing down on the CV. Can anyone recommend any email provider that values privacy and security?

    I'm seriously thinking of ditching gmail after this, so interested as well. This site lists alternatives / stuff to consider. Among them is bitmessage. Not sure if it's suitable or what the craic is with it yet, but I'll be looking into it a bit more. May also host my own email server. Yes we're entering the ridonculous stage. I actually have nothing that the NSA would be interested in. It's not the point though.

    Plus - with the breakthrough in upload speeds that the new FTTC offerings are going to bring, hosting your own servers becomes a real possibility once you have the knowledge.


  • Closed Accounts Posts: 2,827 ✭✭✭Prodigious


    Khannie wrote: »
    Yep. Think I'm going to set up my own jabber server on a box in my house.



    I'm seriously thinking of ditching gmail after this, so interested as well. This site lists alternatives / stuff to consider. Among them is bitmessage. Not sure if it's suitable or what the craic is with it yet, but I'll be looking into it a bit more. May also host my own email server. Yes we're entering the ridonculous stage. I actually have nothing that the NSA would be interested in. It's not the point though.

    Plus - with the breakthrough in upload speeds that the new FTTC offerings are going to bring, hosting your own servers becomes a real possibility once you have the knowledge.

    Was thinking about that myself. Going to look into the logistics of it after the Leaving Cert. Total control of your own affairs - it would be excellent.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Prodigious wrote: »
    Jabber is an excellent IM client for privacy.
    I have to look into a different email provider. I've been using gmail in general, and of course tormail, but tormail isn't exactly one to be throwing down on the CV. Can anyone recommend any email provider that values privacy and security?

    There is an excellent jabber client called Psi which I use for privacy purposes. You can use OpenPGP encryption for messages, i.e. the keys to decode messages are kept on your own computer, you don't have to rely on the goodwill of whoever is running the servers - this will give you privacy. If you want anonymity too I'd suggest running it through Tor or a VPN, details on request! :-)


  • Closed Accounts Posts: 2,827 ✭✭✭Prodigious


    What VPN do ye use?
    When I needed it, I used anonine, thought it was excellent, and because they're in Sweden they have no legal obligation to keep any logs.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Prodigious wrote: »
    What VPN do ye use?
    When I needed it, I used anonine, thought it was excellent, and because they're in Sweden they have no legal obligation to keep any logs.

    Thanks Prodigious, I've heard nothing but good things about the one you used.

    The only time I used a VPN instead of Tor was when I used the Psi program I mentioned above, this was because speed was of the essence as a colleague of mine and I were placing VOIP calls too.

    In that case I used BTGuard because they accepted Bitcoins - since we're on the subject of cryptoanarchy, I don't mind confessing I used to be a Bitcoin Trader(!) For those who don't know Bitcoins are a decentralised currency which if used correctly can allow you to pay for goods and services anonymously - they're very popular for instance on the deep web website "The Silk Road" where users buy drugs in the mail but they have legal uses too such as paying for VPN services - I don't want to use my credit card, it defeats the point of having a VPN in the first place! :-)


  • Closed Accounts Posts: 2,827 ✭✭✭Prodigious


    Speaking of which, they're gone down to 80 quid, they were 100 only last week. Might be worth getting a few.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Prodigious wrote: »
    Speaking of which, they're gone down to 80 quid, they were 100 only last week. Might be worth getting a few.

    I was on the Silk Road forums earlier today and there are a lot of doomers and gloomers predicting a crash. I've looked over the charts for the past few months and it seems to be creeping back upward for now.

    Of course, as with the Stock Market* there is an extent to which this can be a self fulfilling prophecy whereby more people hear everyone else is selling en masse and so do the same but I personally think it will rise before falling again.

    I'd be interested to hear how you get on, naturally don't put in more than you can afford to lose. What I worry about is that after the next big crash people will start hoovering them up in the hopes another Cyprus style event will cause them to shoot up in price - which of course will raise the price artificially for a while and then have everyone selling again so it'll go up and down like a yo yo! :-)

    *There actually are several websites which operate a stock-market for Bitcoin and its stunted cousin Litecoin but the lack of accountability and difficult interface means not many people I've spoken to use them.


  • Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    I live in the States. My email is on a server hosted by a friend of mine who runs a hosting company in Co. Clare. I have my own dedicated server running FreeBSD in France, on which I host an encrypted IRC server. I used to run SILC on it. I use this server for email as well. I download my torrents and crap onto it and scp them to my iPad then.

    It is probably not an ideal setup, but it works for me.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,454 Mod ✭✭✭✭Capt'n Midnight


    First off does anyone think that if there was a war on / national emergency that Google, Facebook etc. wouldn't do their best to help out?

    Well, there's always a war on terror / drugs / axis of evil / current bad guys


    Would anyone be surprised to find that there were lots of backdoors in the hardware those companies use, and even in the software?


    If you aren't using two different layers of encryption then going by screw-ups in the past it's possible that you'll have some accessible data, commercial encryption probably has backdoors, and there have been some gaffes on the open source side too. Might be worth throwing in a lot of random noise / digits of pi into the mix too, don't forget to ramp up the traffic at odd times but not when there are international incidents or you will be on everyone's watch list.


    I keep mentioning echelon because this sort of stuff is old news.

    During WWII the US government went data mining The Library of Congress for any useful info. It paid off. Except now they have access (or potential access) to way more information.


    If you want to follow the money trail just imagine how much CIA intel has helped big US corporations. The Airbus vs. Boeing saga alone is worth billions so financing is easy. Also it means jobs back home which politicians love.


  • Closed Accounts Posts: 169 ✭✭enigmatical


    I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.

    I think it'll have a lot of companies staying with local hosting.

    It's not that they've anything to hide, but they have data protection requirements and may be dealing with sensitive intellectual property.

    I mean for example should Irish universities reconsider using Google Apps for student email? Several of them moved to it.

    There are a lot of consequences for the cloud computing sector that will emerge because of this.

    Even the fact that there was a leak would make me wonder about what contractors have access to it and how secure it really is.

    There's a lot to be said for having your own servers in your own office.

    I could imagine it would be a big concern for R&D facilities, academics, political parties, journalists dealing with investigative stories etc etc etc


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,454 Mod ✭✭✭✭Capt'n Midnight


    I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.
    What happens if you apply EU data laws?

    Does this mean that they can't use Google docs etc. to store any data / email on EU citizens?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,454 Mod ✭✭✭✭Capt'n Midnight


    Science Gallery tomorrow lunchtime
    Rapid Response: The NSA Prism Leak - with Una Mullally
    Jun13 13.00 - 14.00


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    What happens if you apply EU data laws?

    I don't think they apply outside the EU (where the NSA are intercepting the data). It's a sneaky little workaround.

    Thanks for the tip on that talk. I'll spin along to that.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.

    I think it'll have a lot of companies staying with local hosting.

    It's not that they've anything to hide, but they have data protection requirements and may be dealing with sensitive intellectual property.

    I mean for example should Irish universities reconsider using Google Apps for student email? Several of them moved to it.

    There are a lot of consequences for the cloud computing sector that will emerge because of this.

    Even the fact that there was a leak would make me wonder about what contractors have access to it and how secure it really is.

    There's a lot to be said for having your own servers in your own office.

    I could imagine it would be a big concern for R&D facilities, academics, political parties, journalists dealing with investigative stories etc etc etc

    Yes enigmatical, I think it's an issue which has been around since the inception of cloud computing. There also doesn't seem to be a quick and easy solution.

    Dropbox for instance suggested customers use third party apps like Truecrypt to encrypt data before uploading, which is what I do but of course that means you can't use it to share documents with friends.

    A company named Porticor has developed software using a technique called homomorphic key encryption which in plain English means data is always encrypted in the cloud and you keep the Master Key on your own computer but it seems to me that since this is proprietary you have to trust the fact they're telling the truth!

    E-mail is an entirely different kettle of fish though. If you're only concerned with privacy, not anonymity you can use GPG in combination with a service like gmail but of course that means that everyone you talk to has to use it and it's not very common.


  • Closed Accounts Posts: 169 ✭✭enigmatical


    What happens if you apply EU data laws?

    Does this mean that they can't use Google docs etc. to store any data / email on EU citizens?

    That's my concern.

    It could be a data protection compliance nightmare for a lot of small business.

    It gets even worse when you add things like Adobe CS becoming a cloud based service.
    MS is trying to do the same with Office.

    Windows is getting very fond of SkyDrive and OS X keeps defaulting to saving to the iCloud.

    Dropbox and Google drive would be a bit of an issue too.

    Then you've issues with smart phones and tablets, especially Android, being practically embedded in the cloud.

    Between this and concerns about Chinese hardware potentially being used gathering data, it's going to make life very complicated for people trying to stay on the right side of European privacy and data protection laws!


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Khannie wrote: »
    I don't think they apply outside the EU (where the NSA are intercepting the data). It's a sneaky little workaround.

    Thanks for the tip on that talk. I'll spin along to that.

    I imagine it doesn't come as a surprise to anyone to find out the government can't be trusted with our personal data! :-)


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    silentrust wrote: »
    I imagine it doesn't come as a surprise to anyone to find out the government can't be trusted with our personal data! :-)

    Ah I don't think the Irish government are up to much to be honest. Plenty of expertise in the country, but not enough budget.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    That's my concern.

    It could be a data protection compliance nightmare for a lot of small businesses.

    It gets even worse when you add things like Adobe CS becoming a cloud based service.
    MS is trying to do the same with Office.

    Windows is getting very fond of SkyDrive and OS X keeps defaulting to saving to the iCloud.

    Dropbox and Google drive would be a bit of an issue too.

    Then you've issues with smart phones and tablets, especially Android, being practically embedded in the cloud.

    Between this and concerns about Chinese hardware potentially being used for gathering data, it's going to make life very complicated for people trying to stay on the right side of European privacy and data protection laws!


    So, it seems we're all going to have to take responsibility for our privacy for the time being. Dropbox can hand over my encrypted Truecrypt container to the Feds if they want, much good may it do them. :-)


  • Closed Accounts Posts: 169 ✭✭enigmatical


    The other issue I would be concerned about is that the security services might become over reliant on searching the Internet for leads.

    There's a lot to be said for old fashioned detective work too!

    They could have all the packet sniffing in the world and still miss the target because it's not online at all.

    And what if this massive database itself were hacked by some unscrupulous organisation or individual?

    It's a huge treasure trove of information that would be very valuable to all sorts of people.

    An insider leaking information, blackmail, political abuse or an external hacker gets in and there would be massive problems.

    If you gather the data it's a target for misuse!
    If it doesn't exist, it isn't.

    No system is 100% secure, even run by the best intelligence agencies in the world, it could be at risk of being accessed inappropriately or illegally.

    It's like someone having a master key that opens every door. Criminal elements will want access to that and corrupt individuals in the system will misuse it.

    I'd just be concerned, no matter how well intentioned the security agencies involved might be, I think it's a bit naive to assume that it will never be abused or compromised.


  • Closed Accounts Posts: 2,827 ✭✭✭Prodigious


    And what if this massive database itself were hacked by some unscrupulous organisation or individual?


    An insider leaking information, blackmail, political abuse or an external hacker gets in and there would be massive problems.

    If you gather the data it's a target for misuse!
    If it doesn't exist, it isn't.

    No system is 100% secure, even run by the best intelligence agencies in the world, it could be at risk of being accessed inappropriately or illegally.

    It's like someone having a master key that opens every door. Criminal elements will want access to that and corrupt individuals in the system will misuse it.

    Those collecting it are corrupt already, the whole basis for the PRISM system is criminal. The organisations behind it are supposed to be "the good guys."
    Why not some transparency? The leak has shown that Obama is nothing but a puppet, not only is he continuing, he is also reinforcing the illegal, unjustifiable and immoral practices put into place by the Bush administration.

    In a month's time, I will have closed my gmail & hotmail accounts, and moved onto a Linux distribution. (Recommendations?) Seems the smartphones are a no go too, seeing as they track your whereabouts 24/7, can be used as listening devices, and always require sign in. Your options are essentially Google or Apple, neither of which are desirable at this point in time. I for one, will be sticking to my Sony Ericsson W380.

