Other HN readers are making some assumptions that I have to take issue with.
A1: Stories about this kind of thing are posted by people who want to take business away from the U.S..
This is possible, but there are a lot of people who value privacy too, and I suspect they are in the majority. Want to prove me wrong? Get polling.
A2: Everybody else is doing it, but only the NSA got caught.
First, this doesn't make it acceptable. Second, it's entirely possible not everybody else is doing it. Third, even if everybody is doing it, the U.S. has more money to pour into black-op projects than any other nation on Earth, so it's a safe bet that the NSA is, by far, the worst offender.
A3: Countries like China spy for corporate gain, but the U.S. would never do such a thing.
Right, the U.S. has never staged a coup or conducted a war that benefited U.S. corporations, and certainly wouldn't need intelligence to help with that sort of thing in the future...
-----
If you're okay with what the NSA has been doing, here's something to consider. Several years ago Sony got a lot of bad press for putting rootkits onto audio CD's. They wanted to stop piracy. Honest customers had nothing to fear from Sony! However, honest customers did have something to fear from viruses, malware, etc. that were subsequently written to exploit the security holes created by the root-kit.
The NSA is collecting data on you. You trust the NSA and your nation, so you're not worried about how they'll use that data. Fine. Do you trust everyone who works for them? You probably shouldn't. They certainly don't trust their own employees and they still got burned by Snowden! The NSA might not be looking at your data until you do something terroristy, but who else could have access to the NSA's data-stores? Would anyone know Snowden had stolen all those files if he kept quiet about them? Probably not. Odds are you're pretty boring and nobody is interested in what the NSA has on you. What if you were actually really interesting, and your enemies had a lot of money? Do you plan on becoming interesting at some point in the future, or are you firmly committed to being a bore until you die?
I am particularly annoyed at the "everyone is doing it" excuse. Everyone may want to be rolling with ten carrier battle groups in their navy, each equipped with an air wing capable of air-superiority, but only one country actually spends the kind of money to make that real.
Every government might have control freaks in it who WANT to implement pervasive surveillance. But most places don't have the budget for it.
That's right, but one of the corporations mentioned in the article is a UK grocery chain. The UK must be the most surveillance happy country in the world and we know that GCHQ cooperates closely with the NSA.
So I would love to hear an explanation from the people who put that clause in the contract. Maybe it's some kind of protest, but if it is meant seriously, it would be the most ridiculous thing I have heard in a long time.
Unless terrorism is actually just a cover for the NSA's true purpose of doing industrial espionage on behalf of US corporations. But if the meaning of the word "conspiracy theory" hadn't changed so dramatically recently, I could swear this is one ;-)
Just wanted to contribute a data point regarding A3: In Sweden there's a widely known inventor (or patent troll depending on your view of patent enforcement by non-operating entities) called Håkan Lans. Back in the 90ties he sued Hitachi for infringing on his computer color graphics patent. According to a documentary recently broadcast on Swedish television one of the reasons he was able to win that lawsuit was that someone in the US intelligence community (in a formal or informal capacity) helped him with background information on Hitachi's expert witnesses. The motivation was said to be that US felt threatened by Japan in general, and IBM by Hitachi in particular.
There where many other accusations brought in the same documentary, some of which I'm sceptical about, but this particular one seemed plausible. I can't find anything about it online, but the documentary presented it rather matter-of-factly with lots of interviews etc. So for the ambitious it might be an opportunity to document a concrete case of A3.
For me, it boils down to a simple question: If the NSA doesn't intend to use my data or data about me for some malicious purpose, then why do they need it?
NSA doesn't intend to use the data about you just now because you are not a person of interest for them. But they need it in case if you find yourself on their way in some point in the future (i.e. you find a proof that the event x/xx was a false-flag attack or there is a little gray alien in president's attic) then they will use it against you.
"... a Washington Post report based on Snowden documents that the NSA had intercepted a “large number” of calls from the Washington DC area code due to a “programming error.”"
It is the hallmark of totalitarian regimes – throughout history – to monitor the populace and politicians alike.
The United States is, of course, not a totalitarian regime, because the NSA was not interested in the content of these communications, but merely the metadata.
> The United States is, of course, not a totalitarian regime, because the NSA was not interested in the content of these communications, but merely the metadata.
Outsourcing some defense and intelligence makes sense because the West is united and why waste money on redundant systems. The real problem is that America is not a superpower it is a hyper power. As Bill Gates said recently:
"Nation-state competition is not zero-sum competition. It was not good for the world for the United States to be so far ahead, for 5 percent of the global population to generate 30 percent of the economic activity and 60 percent of the scientific R&D."
But we don't want the world to catch up by the US slowing down but by the world speeding up, that way progress is more rapid.
The real problem is that America is not a superpower it is a hyper power.
Is it? Really?
I can't help thinking that many of the less welcome trends in recent years, security-related or otherwise, could be explained by (a) the US no longer being a superpower in one sense or another, or not likely to remain so beyond the near future, and (b) senior US political and business figures finally noticing this.
From the outside, the modern United States of America looks a lot like some of its long-standing tech giants: some wise/lucky moves in the past brought success and created a vast amount of resources to use today, but if you keep squandering those resources on little things that aren't done properly and then add occasional big misses, sooner or later your fortunes will inevitably change.
US culture has long been obsessed with military matters and more recently with security, and clearly the US is still the world's leading military power in numerical terms. But at some point, you have enough firepower to level the planet a few times over, and adding another 0 doesn't really make any meaningful difference.
Meanwhile, among other things, a substantial part of the US population does not have access to effective healthcare, a noticeable proportion of US children appear to be learning more in school about religion than science (and their parents are OK with that), some of the big businesses generating all that economic activity Gates mentioned also managed to trigger the biggest global economic crisis in living memory, US workers have some of the worst conditions of any first world country (including so little paid time off in a year that sometimes even doubled it would still be illegal in many places), a cavalier attitude to energy consumption and damaging the environment is pervasive in both political and business leadership, and childish squabbling at the highest levels of federal government recently brought huge parts of that government to a standstill with adverse consequences for millions of ordinary people.
I'm not sure more rapid progress toward the US approach to these kinds of things is something any of us should aspire to. If anything, public sentiment and media commentary in other first world countries seems to be turning more to the attitude that the US is toxic and the best thing to do is distance yourself as much as possible, in security-related matters and otherwise. This article is interesting because it's the first obvious, practical embodiment of that sentiment I've seen, but I'll be very surprised if it's the last.
I think NSA is a red herring here -- it may gave turned up the volume, but these are problems that exist no matter what.
If you are handling any data of significant value, storing it outside of the regulatory jurisdiction of your company and/or customers will increase risk and cost. Compliance requirements have already made it impossible for EU individual customer information to be stored in the US. Vice versa compliance has made it difficult for most healthcare or local US government data in Europe.
The customers of the Dutch cloud-services conpany I work for haven been demanding this for at least ten years. Snowden didn't change much there, it's been going on since the Patriot act. European Union privacy legislation demands that sensitive data is stored within the EU. Storing data in other countries is only permitted if a satisfactory level of protection can be offered. This was used in marketing by EU companies in order to promote their own services, effectively creating FUD around US-based services.
When the Amsterdam Internet Exchange (AMS-IX) recently opened up an office in NYC there was a big fuss about it, because it would make the entire Dutch internet traffic subject to the Patriot act, since it applies to any company with an office on American soil.
I've been dealing with this for what seems like ages now. At my last job I actually had to go a get a new service shut down because the people who provisioned it didn't realise or understand that it was a problem that all the PID was being stored in the US.
I've read the Safe Harbor rules and audit information and I don't trust it one bit. I really can't blame corporations, especially EU ones, from stating very plainly that they don't want their data stored in the US.
> European Union privacy legislation demands that sensitive data is stored within the EU
While this may be officially promoted as a way of protecting against EU citizens against NSA (US access) to the data, it is also a way for the EU to ensure that EU can get to the data when the EU wants access.
Everyone in Europe I talk to about online data agrees that this isn't empty talk. Practically it really isn't possible today to in a meaningful way avoid some of your data or data about your usage of the Internet to end up in the US.
But, I would argue that this is more of a change in mindset and awareness at this point, which eventually will force changes. Companies or local government will want their data to be stored in a jurisdiction where they at least have an influence over how it is protected. Balkanisation may be the result, or ineffectual laws and regulations, maybe even something useful. But I believe something will happen.
I'm surprised to see the focus on jurisdiction versus other more effective methods, like open-source encrypting locally prior to moving the data off-site. Key control and eliminating the need to trust third-parties is the way forward, not trusting that some government somewhere is going to follow the rules perfectly. This also has the added benefit of protecting against unauthorised third parties gaining access via back doors or hacking, etc.
These ineffectual laws and regulations you warn about are already in place. That's a dead end. It is time for people and corporations to take charge and make their data safe before it leaves their control. We've seen this happen on a big scale with Google now supposedly encrypting data between data centers, and on a (much) smaller scale with people like me using EncFS to encrypt before moving online backups to Dropbox.
I agree that encryption could mitigate the actual threat posed by government mass surveillance, but I also wonder how much of the new language in contracts is about consumer perception and boycotting.
That cuts both ways. As an US citizen, I have no reason to believe my data is safe, say, in Germany, and certainly not in France who have been caught using their spy agencies to spy on US companies before. What enforceable mechanism has the EU provided US citizens regarding data safety? How can I, as a US Citizen, audit what access an EU government has had to my data?
So, yes, Balkanization is the only likely outcome, without a one-world-government and one-world-policing.
Then you obviously didn't talk to the Swedish legislator that was perfectly fine with the fact that foreign surveillance agencies could read her email.
US companies would be lucky if all this did is reduce their international sales. That's just the tip of the iceberg.
By far the worst damage is all that lost capital is going to flow into helping to generate a vast supply of new and bigger competition overseas. So not only will the US companies lose sales in the immediate future, they'll face amplified competition that will hit sales even more so long term. Even if the US Government has cleaned up this mess by the end of the decade, it won't matter, the financial consequences will just keep rolling.
When it's all tallied up, I think the NSA and US Government abuses will cost the economy trillions of dollars in value over the course of a few decades. Something akin financially to a hundred September 11th attacks in damages. Oh the staggering brilliance of the DC machine.
I agree. I don't know how that number was reached, but if the potential for losses is $180 billion already, then the long term losses might reach $1 trillion, maybe more. There are so many companies that change so slowly. They probably won't give up on the US products and services within 6 months. It might take them 2 years, 3 years, or even 5 years. So there are probably many more foreign customers thinking about dumping US companies, but they just can't do it yet. But that doesn't mean they will get their future contracts if nothing (radically) changes until then.
Ye, the NSA information trawling takes some serious amount of money to work, and they don't exactly employ just a hand full of analysts, more like a an army of them.
This has been around for a while under the guise of "data sovereignty".
If you look back at search results for that term, there are now laughable comments particularly by Microsoft that your data is safe in the US because even the Patriot Act requires warrants right? Little did they know...
I'd argue that a company that explicitly agrees to work with the NSA, for example by handing them over Windows security holes to be exploited by the NSA (and potentially other hackers), knows exactly the kinds of things that are going on.
Even more ironic are the "digital safe harbour" provisions that cloud providers have been operating under, telling their clients that the law requires the US government to treat servers put under those provisions as not located in the US.
The irony being that since the servers are "not located in the US", they are even more easily targeted by the NSA since the NSA considers the rest of the world to be sub-humans without any rights.
To nitpick somewhat, at least in the case of the US-EU safe harbor protection, it meant that certified providers were to provide the same protection to European data as it would have in the EU under the relevant EU directive, it doesn't have anything to do with location of the servers. The certification, however, is a complete joke since companies can self-assess and register themselves as safe harbor compliant.
The certification, however, is a complete joke since companies can self-assess and register themselves as safe harbor compliant.
And this creates a genuine difficulty for EU businesses, because it's no longer credible to claim that you thought a US business was compliant because of safe harbour arrangements. It may therefore not actually be legal under European laws to export personal data to those US businesses any more. If any European company did so, and as a result there were negative consequences for the subject of the data, that could lead to a nasty lawsuit for the company that did it, even if their actions would have been considered reasonably diligent because of safe harbour a few years ago.
Seems to me that the reality is that big businesses hold the leash of the US government, so this is as much a repudiation of them as it is the NSA, the Obama admin et al.
Microsoft, Google, Facebook, RSA and the rest deserve the shame and scorn they are receiving right now. I'm sorry if my techie friends working at those places are hurt by this, but I feel very betrayed by these companies' complicity in and taking moneys for all the surveillance and backdooring, etc. So, shame on you, I hope your brands aren't totally ruined.
This trend pre-dates the NSA scandal, at least from my European perspective. The US government has legally given it's intelligence and security agencies the right to secretly claim access to data stored by American companies including data not physically stored in the US.
As a result, it's not just a matter of non-US companies and citizens not wanting to store data with US companies, in many if not most cases it's not even legal for them to do so.
As a European company, I have to give certain guarantees about the protection and usages of privacy sensitive data. Storing it under the jurisdiction of a country that does not respect that is out of the question.
This has nothing to do with any illegal activities by the NSA or their non-American counterparts. This is the existing legal regime of the US.
Of course the NSA scandal has highlighted the facts that any guarantees the US so far has given about not abusing this are null and void. From the US can get use data, it has now become the US will us your data. That will significantly and irreversibly speed up the process of taking data out of US companies.
But the process itself had already started, it is just a very slow process (no corporation or government can drastically alter their IT infrastructure within a short term). The real effects won't be felt until another five to ten years, if not more.
I agree with most comments here. This was expected, these are not empty threats and no one is over-reacting. Everyone is just re-acting as they were expected too. Except maybe the Obama administration, which has to do some hard decisions. Snowden is growing stronger by the day now.
The part that caught my eye though was this:
> It's not all doom and gloom, however. Thompson's comments show that some U.S. firms stand to benefit from distrust of the U.S. government, and that a new model may be in the offing for protecting sensitive data from the NSA's prying eyes.
Apparently, Bloomberg sticks to the Liberal mantra that says more or less that when a market dies a new one emerges.
Maybe the 5% of affected population, in terms of companies, will build a new business model but how this is good news is beyond me. It's like when you listen people saying that YOU can now create a startup in TV because they saw a Steve Jobs 2-minute video documentary on Apple. People apparently don't know that for every successful startup there are 1.000.000 failed for no apparent reason.
This is good news in the same way that a broken window is good news to the glazier. The broken windows fallacy is alive and well in the media. Journalists are also trained to show "both sides" of the story even if the other side of the story is complete nonsense.
Spying is an age-old game and it's not just the US doing it ;) I'd love to see some leaks out of Russia and China. It doesn't matter where your data is stored if it's off-premises. If you were putting it in the cloud unencrypted, you were already at risk, Snowden or not. Intelligence agencies around the world recruit workers in tech companies, the company need not overtly cooperate to get screwed.
Countries around the world slurp up data over the wire, they just haven't been caught with their hand in the cookie jar yet. At least the NSA's massive data caches won't be easily hacked. Verint (just one of many companies in the surveillance space) has 75 countries as customers. There's a ton of sh*t going on under the radar. You may hate surveillance and want more transparency but nobody can pretend it's just the US doing this stuff.
No reason to leak anything from Russia. It's not a secret but a law here that SORM-2 devices are mandatory to install by each ISP (very small ISPs may wait for up to two years, though). It must have full access to mirrored traffic crossing the AS border and RADIUS traffic (in case of TACACS+ ISPs are also asked to reveal encryption keys).
While I suspect they're mostly laying dormant and don't think they're secretly massively abused in mass-surveillance, no idea what those black boxes are doing, though. The point is, they're here, they have full access, and they technically could be abused anytime, so don't transfer any sensitive data to or through Russia unencrypted. Like with any other country, possibly except for Equestria.
It's not safe/unsafe 0-1 game. Unless you have some information not available to the public you would be crazy to think it's good idea to store anything sensitive in US comparing to some European countries (if you have a choice) as of today at least. If anything there aren't many countries out there with comparable resources dedicated to spying and no countries have that extensive history of using military and intelligence information for economic gains.
On top of that, I suspect some of the anti-US stuff posted is for the express purpose of gaining customers away from the US. (this may get downvoted, people may disagree, but I have no doubt it's happening)
No, that is definitely a factor here: non-US companies are taking advantage of the recent growth in anti-US feeling to make themselves look more attractive to potential customers and investors. No one should really be surprised by this: it simply makes good business sense.
The politicians will be on the ball too, at at least those whose remit covers national/international business or who have a constituency with a large workforce that could benefit. You can see a push in the other direction too: the "buy American" campaigns state-side have grown in volume, more so than can be explained purely by economic factors (which have been the key driver for that sort of thing since 2008) and an interest in protecting manufacturing jobs. If the large (relatively affluent) American market can be discouraged from buying goods/services without a US connection, companies will be discouraged from distancing themselves from US interests.
Of course there has always been a certain amount of keeping business information in particular places. Some regulated industries have to by law and have had to for a long time (you can't properly regulate something if you allow it to move out of your jurisdiction), and all businesses should be aware of the issue (though sadly many aren't) when dealing with personal data. In the UK the Data Protection Act has clauses covering information security which mean you need to be care careful not only how you store personal data but where, and I assume most countries have something equivalent. A little healthy paranoia always snook in to: if the data is more local to you there is less chance you will loose access due to either technical, political, or local issues.
The big difference right now compared to a-year-or-two ago is that the US has fallen off the secondary safe location list for many, and for EU based companies (and individuals) the balance in "I'd rather it be local, but if we can save a bit by hosting in the US, where market scale currently makes it cheaper, I might" has changed.
What will the alternative cloud solutions be? I assume that many will rush to fill the gap as clients vacate US providers, offering increased privacy as a specific selling point.
As a non-US startup, we're still using Heroku and AWS because we don't have the resources to make the jump to something more secure, even though we'd really like to. As soon as an accessible alternative appears we'd switch in a heartbeat.
An interesting idea to conform to and one I am researching for a service I've been building. There is data in transit and data at rest. For many people I know, North America (I assume Canada and the US are one and the same, at this point) is the primary market/closest entry point. Do regulations require tracking data in transit thT may eventually be stored somewhere other than the US?
As far as I know, similar data locality guarantees are now hot topic in Germany and are often mentioned during sales pitches of SaaS platforms. USA shot itself in the foot and it is competition's holy duty to its shareholders to exploit it.
Well...if Americans cant get things changed with votes in their own democratic society, at least non-Americans can get things changed with their own wallets. (Debated using quotes around democratic...left 'em off after all...but it was close). Americans obviously can change things with their wallets, but it's more difficult, and involves a lot more steps like encrypting before sending, etc.
Actually the NSA's overreach is more a problem with the executive branch.
Congress tried to establish checks and balances over the intelligence community by establishing FISA after Watergate, but it wasn't enough. Judge Leon's ruling [1] actually discusses the shortcomings of the FISA court.
I've probably devoted more time on HN to discuss the reality of politics and government than to cover technology issues. At times I feel pretty bad about this. I've also been subject to a partial new post hell-ban which may still be in place (surprisingly enough, most of my new submissions are tech related). And, yes, I've felt bad about this from time to time, to the point of limiting myself to reading HN and not posting for weeks at a time.
As I have watched all of this NSA, IRS, ACA/Obamacare and big-broken-government nonsense has developed over the last, say, ten years or so, I can't help but think that the tech community needs to be shaken-up like this in order to finally abandon ship and start really using their brains politically rather than acting as mindless sheep following who knows what.
I'll issue a blanket statement and say that everyone reading HN is smart. About technology. Not necessarily about politics and the ways in which the world turns. And yes, I'll say it, there's a wide swath of HN'ers who have been indoctrinated by the left-leaning academia, media and the echo chamber of the circles they frequent and identify themselves with that they've stopped applying critical reasoning skills to their political life.
As I said here [0], you have to be smart about your politics if you want to succeed in business in general. If you are not, you run the risk of incompetent moronic government-originated factors affecting your playing field in small and major ways. And, by the way, it really doesn't matter if you are an employee or an entrepreneur, a union or non-unionized worker. When things like this start happening they affect EVERYONE and there's a chain reaction that will make things suck in a big way for all involved, at any layer and at every station in life.
What you want, in order to succeed, is as little meddling and interference as possible. No, I am not suggesting anarchy. That's bad. No, I am not suggesting no government. That's worst. What I am saying is that you want a small non-intrusive government at all levels, from local to federal. You want a government that truly has our long term best interests at heart and not one that is a partisan prostitute acting almost exclusively to keep their sick species and party alive at the expense of the opposition and, what's worst, you, me, our families and our very country. We might just be entering into a phase where we might just realize that terrorism can't even begin to match the level of destruction bad governments and their policies are capable of producing.
Yes, yes. Crazy talk. I really don't like talking this way. It's just that sometimes I feel like people need a collective slap on the face with a well timed "Snap out of it!" before they'll wake up and see what is really going on. Snap out of it! Get involved!
> rather than acting as mindless sheep following who knows what.
I'll tell you right now, that anyone who uses that phrase is more of a "mindless sheep" than those he criticizes.
> What I am saying is that you want a small non-intrusive government at all levels, from local to federal.
Not particularly. There is no intrinsic reason to want a "small government" over a large one (or vice versa). What you want is an effective government, that best matches your interests. Of course, everyone has their own interests, so the best rough metric that we've come up for maximizing the effectiveness of the government across the whole population, and minimizing its harm, are democratic institutions with various protections in place to prevent various types of abuses.
Likewise, you don't necessarily want small corporations or large ones. A large corporation has more power and is able to abuse that power more; but it is also frequently more efficient than having lots of small actors, as lots of transactions between independent actors can add friction and cost.
Distributed systems have problems, as they can exhibit lots of complex behaviors that can cause destabilizing feedback, and they can be inefficient. Centralized systems have problems, because they provide single points of failure or points of corruption that can be exploited for gain. Some balance between the two of them is necessary, and it's also necessary to spend effort on simply fixing problems that come up rather than thinking that every problem can be solved by adhering to some philosophy of "big government" vs. "small government".
> mindless sheep ... wake up and see what is really going on.
Did you really just write a long winded "wake up sheeple" post? Are you trying to be a self-parody?
>> rather than acting as mindless sheep following who knows what.
>I'll tell you right now, that anyone who uses that phrase is more of a "mindless sheep" than those he criticizes.
Does accusing someone of being a mindless sheep because they call others mindless sheep make you a mindless sheep? For that matter, sheep aren't mindless but if they were then if I described them as mindless sheep then how could I then be a mindless sheep? By the very nature of describing their mindlessness I show that I have a mind. Plus, I am a human and cannot be shorn, so I'm clearly not a sheep.
> I'll tell you right now, that anyone who uses that phrase is more of a "mindless sheep" than those he criticizes.
Why?
> There is no intrinsic reason to want a "small government" over a large one (or vice versa). What you want is an effective government, that best matches your interests.
You would have a point there if "big government" was used to convey the literal meaning of the phrase by Libertarians. It is not. In proper context "big government" refers to size, reach, complexity, all of the above and sometimes even more. It is generally about government that has grown beyond some boundary.
This is just like saying "big brother is watching". This doesn't literally mean that your eldest brother or a some kind of a giant person is watching you.
You do get that, right?
Big government: wants to touch, manipulate and regulate everything and wants to have a say in everything in your life, from how much soda you can drink to which doctors you can see and more. It spends money inefficiently and with damaging results. It thinks it has power over people and that our rights are granted by government and their laws.
Small government: stays out of the way and lets market forces act. It enacts and enforces just enough regulations to create protections from extremes and to protect and support those in need. It certainly stays the hell out of your diet, home, sex life and medical choices. It operates within a strict balanced budget framework that ensures our financial stability and well being as a nation. It knows that they derive their ability to act from the will of the people and that our rights cannot be trampled.
In this context, yes, you do want small government.
Medical care is not subject to normal market forces, nobody shops around in an emergency. And by the way, nobody tells you which practitioner you can see in the UK where we have had socialised medicine for decades. You're free to move between practitioners in the state system, and you're free to go private if you wish.
Your posts are just right wing and libertarian talking points, your description of 'Big government' hopelessly biased and 'Small government' a whitewash.
I also notice that in none of your posts are you in any way opposed to massive defence spending, only healthcare. And you call others 'sheep'!!
> Medical care is not subject to normal market forces, nobody shops around in an emergency.
Oh, please! In an emergency you are going to go to the closest available hospital. As simple as that.
> nobody tells you which practitioner you can see in the UK where we have had socialised medicine for decades.
Well, that's not how Obamacare works. What's the point of making the comparison of two approaches that are so different.
Let's just look at cost.
How much would a healthy family of four pay for the NHS? Is there a deductible?
Before Obamacare my family paid $600 per month with a $5,000 annual deductible. We got great care and got to choose where to go and which doctors we see. With Obamacare our monthly premium increases to $1,400 per month and our deductible to $10,000. Also, our choices at nearly every level in the process of receiving care have become limited. There are questions about which of the local hospitals we will, effectively, be "assigned" to by attrition and which doctors we might not be able to see. The premium + deductible structure pretty much means that we stand to spend over $26,000 per year on medical care. And, BTW, this isn't a catastrophic plan.
With Obamacare the government is effectively, at a minimum, taking an extra $800 per month from us and in the worst case an extra $14,600. And this is for worst care and choices than we had with our prior system.
Taking $15,000 a year from a family's budget, when multiplied by potentially millions of families across the nation will have serious consequences. That's a lot of money that will not be available for purchasing. That extra computer, uprgading the old car, intalling wood flooring in the house or taking a vacation simply will not happen. And this will be the case with millions of families and individuals across the nation.
You see, you can call me whaever you want. Extreme right wing libertarian moron. That's fine. Shoot the messenger until you are happy. Now let's discuss facts and numbers and real world effects. When we look at facts what i am saying isn't theatrics from a moron but rather a screams from someone saying "the emperor has no clothes!".
> none of your posts are you in any way opposed to massive defence spending, only healthcare. And you call others 'sheep'!!
That is utterly false. I have not brought up the military in his thread but I have in the past. Our military spending is sickening. Our wars are disgusting. And a good deal of our foreign aid is simply wrong and ought to be discontinued. Not only do I want our government to leave us alone, i want them to leave everyone else alone.
Our military spending has distorted our economy in ways that are hard to describe and probably even quantify. This is why I love Obamacare as the example that pulled the curtains back to let everyone see how government really works. Pick a number for how much was spent on the website. It's ridiculous. And they are still spending untold millions to fix it. Now imagine all military spending being equally bloated, wasteful and inefficient and ineffective.
Add it all up and it is easy to conclude that our government is causing us damage at every level and at a monumental scale. And don't get me started on patents. Care to quantify how much damage just one government agency, the US Patent and Trademark Office, has done to our economy, industry and progress?
Call me a moron if you must. You still have to face the facts behind my arguments.
I didn't call you a moron, but "Obamacare is bad therefore socialised healthcare is wrong" seems a lot of a stretch.
And yes, people go to the nearest hospital in times of need. Need being the key word. Free markets don't really deal well here IMHO.
Obamacare may be a great example of why the US government doesn't work so well, but to an outside observer that seems to be because the market-worshippers seem to need to be placated at every turn, when their requirements are contrary to efficiency, fairness or good sense.
You did not. The self-deprecating bit is more about the fact that liberal lore requires that anyone not on the left be characterized as a religious idiot missing one or more teeth. Well, I am not any of that. I am also trying to highlight the fact that someone can actually be a moron and his or her argument can still stand on its own merits (or fall because of the lack thereof).
If I must be a moron to be heard, fine. I'll be a moron. I am not, but that's OK. Believe it or not, I am trying to be constructive here. HN is dominated by younger people who are obviously indoctrinated to the left. The tech industry actually went out of their way to help Obama get elected. This is nothing less than religious, mindless indoctrination. All of these people are very smart. They simply didn't want to stop and do a little thinking. And, of course, the young ones simply don't have enough life and business experience to actually get it. It takes effort and the ability to see the world from a very different level to leave religious belief behind, political or theological.
> "Obamacare is bad therefore socialised healthcare is wrong"
Nursie, you are the only person saying that in this thread. Please do not read past what I actually say. I did not say that.
> Obamacare may be a great example of why the US government doesn't work so well
It is. In fact, it is the best example money can buy. And it is fantastic because everyone now sees it and everyone cares because it touches them directly. Nothing sadder than talking on an extreme left-winger who just got the news that he and his family are going to have to pay through their teeth for healthcare that before Obamacare was pretty good and cost them less than half what it will with the new program. I have a number of ideologically leftist friends who work in Hollywood that simply don't want to talk about it. They got so royally screwed by Obamacare that it has rocked their entire belief system.
If we got any value out of this experiment is that we paid hundreds of millions of dollars to demonstrate what NOT to do.
> to an outside observer that seems to be because the market-worshipers seem to need to be placated at every turn, when their requirements are contrary to efficiency, fairness or good sense.
And that's the problem with being an outside observer. Although, in this day an age you have access to just about as much information as I do.
No, Obamacare isn't a failure because of the need to accomodate market-worshipers. To the contrary. Obamacare was brewed and passed into law with EVERYONE from the right and Libertarian parties either being explicitly excluded from the process and/or speaking and voting against it. Democrats used parliamentary twists and turns I couldn't possibly recite to get it through Congress. It is fair to say, if we assume our representatives, well, represent us, that half the country or more was against the entire thing.
Obamacare was passed with virtually nobody having read the law. It was passed with the President publicly committing fraud by making promises dozens of times, promises that are now well established to have been lies. It was also passed with Senators making such false promises. And, of course, who can forget our beloved Nancy Pelosi's "We have to pass the law to see what's in it". In other words, it was, for all intents and purposes shoved down our throats, falsely represented from the President on down and deemed into law by parliamentary force. There was no learned debate of the issues and the solutions. The thing is an ugly mess that was brewed behind closed doors. Now the doors are open and we can see they were brewing poison rather than a healthy concoction.
Perhaps that's what you missed as an outsider. Not because you didn't have access to the information, but, let's face it, we are all too busy to be concerned with the minutiae of things that, at the end of the day, don't affect us personally. I have no clue what's going on in France or Spain. The information is all out there. I'm just really busy with matters that concern me and my family to really have the time to understand about issues from far away that hardly touch me. In that sense, yes, you are absolutely correct, as an outsider you are only seeing one aspect of reality. And, frankly, if your information comes from liberal or right-wing outlets such as CNN and Fox you will only be exposed to the ideological extremes. The sad reality is that getting to the truth requires work and if it isn't going to affect you there really is no incentive to do the work and really understand what's going on.
I can't criticize you for not understanding what is really going on here. All I can say is that you should consider the possibility that you really don't get it because you are not personally and emotionally invested enough to expend the effort necessary to understand it.
Love the UK. Every time I go to Europe, London is my "base of operations". I keep it low key and stay at the Holiday Inn @ Kings Cross. Fantastic little Greek restaurant within walking distance.
Now, I'd really like to understand. What does a top-of-the-line plan through the NHS (if such a thing exists) cost a typical family of four with no major healthcare issues?
Sorry, this small government lark is nonsense and irrelevant in this.
The Americans seem to bang on about small government constantly, and I cant imagine that in actual reality, the US government can't be proportionally as big as say the German or , I dunno, Japanese government, where they don't particularly bang on about small government in anything like the same way. If it is, as big or bigger, I suspect that is largely down to the insane huge military the same people who bang on about small government totally adore and idolise.
Interesting too that for some bizarre reason, you have managed to get in some Obama and health care stuff in too. Sorry, but most of the rest of the civilised planet has some form of universal health care. I dont see what that has to do with anything in this debate. If Americans don't want to look after their poorest, weakest and most vulnerable, then fine. Its not my country. But its got nothing to do with industrial spying.
Oh, I note you have not placed any blame on any republicans who were just a responsible for all this. I dont remember GWB being all liberal about freedoms.
Sorry, but from what I can see, the subtext in your post is basically a poorly cloaked attempt at a right wing agenda. And frankly I don't see that as any sort of credible answer.
I would prefer a more powerful local city and state government and a far weaker federal government. Having my pols closer means there's a neck to wring if need be.
A little nit: Republicans and George W. Bush? They're either irrelevant and/or gone for years. You need to update your hate list; your being outside the states is no excuse for ignorance. The current demons are "tea-baggers" and "Ted Cruz".
The Obamacare mess is the most visible example of what is wrong with government at nearly every level. Of course I am going to use it. This is the best example we have and one that nearly every American now understands or most certainly will within the next year. Nobody is saying that a better approach to healthcare isn't necessary. The ACA is NOT a better approach.
This has nothing to do with a right wing agenda. Call it a moderate libertarian agenda if you want to be closer to reality. Both major parties have blood on their hands, it's just different for each group. It just so happens that we've wasted five valuable years chasing after a somewhat extreme left-wing agenda...and here we are. We are walking into national debt that will exceed twenty trillion dollars and, if economic damage wasn't enough we are undermining our tech industry in ways that could shift technology out of the US in so many ways it is hard to imagine.
OK, call me a moron and a zealot. Please explain a few things to me then:
First, if over twenty trillion dollars in national debt isn't a problem, how much would be? Is there a limit or we get to go like this forever with no consequences whatsoever?
Once you explain that, please elaborate on what could happen to our tech industry if the world turns against us for such things as the brutal intrusion into everyone's lives by the NSA and other yet-to-be-identified players? Are there consequences to this if we change nothing? Ever?
Finally, we are continuing to see the disaster that the ACA/Obamacare is proving to be. The other day an article came out, I believe in Forbes, explaining how MILLIONS of Americans are --without realizing it-- assigning their property --their homes-- to the government when they sign up for the ACA and end-up going for Medicare. It is one thing to want healthcare for everyone. For reason's sake, let's do it right! This is nonsense. Can you please explain how the ACA is a good thing when premiums double --or worst--, deductibles skyrocket, access to doctors, facilities and drugs is limited and, on top of that, you might have signed your estate over to the state without even knowing it?
I don't know. I could be a moron. Still, I think the above issues stand on their own, having nothing to do with the messenger or the political alignment of anyone involved.
The fact is that the tech industry is under attack by our own government in more ways than one. Never mind me. Mind reality.
I think it's cool that you're passionate about this stuff, try boiling it down to the essentials though. With all the self-deprecation and laundry list of questions, you lost me.
When I saw alan_cx put criticisms of the huge US military alongside arguments for socialized healthcare, I detected possible weakness. I thought something like, "growing the government makes it grow!"
It's like there's this odd static thinking some statists exhibit - like "we can vastly increase the government's power, but only just in this one corner with health care." But that's willful ignorance, that's not how things work. When you get a big expansion, budgets and authority swell for the whole thing including in the nasty bits like military and intelligence and through data mining/sharing between agencies.
You won't make headway trying to out-wonk someone on the ACA who is so clearly sold on the idea of socialized medicine. On that issue, the guy is a belieber. :)
You are probably right. And yes, I am passionate about this stuff. When I was younger all I cared about was tech. I was utterly ignorant about everything else. Without knowing it I let media and tribal behavior dictate what I thought and who I voted for. As I got older and started to run into government at every corner as an entrepreneur I started to ask questions. I didn't like the answers.
Now I feel we are at an inflection point. There's a need to have some passion because our government has gone insane and seems to be on a mission to destroy us from the inside. No, this isn't some grand plan. They are too stupid for that. This is simply a natural side effect of what the political "species" does for survival. This is like bacteria "concerned" about maximizing their local results yet, if without resistance, will easily consume and kill the entire organism. The bacteria don't plan on killing the entire organism, it just happens. That's what our government is doing. If people would only pull back far enough to see it...
I have had the same thoughts about inflection points and political class doing whatever they need to do to stay in power and the like. It all sounds good, but I always had the feeling that failed to explain everything that's going on.
I have personally come to the conclusion that US politicians today are just limo drivers for the banksters and the business elites who get to dictate where the limo goes from the comfy (and safe) back seat.
I interpret messages from ultra rich/powerful types (like Mort Zuckerman) to mean that they have a worry about a race/class war against the rich that could wipe them out in a NY minute. It's a rational concern, things do seem to be slowly turning against the power elites.
If class riots truly are the big worry of the rich, then gov't entitlements aren't altruism or charity, they're gifts intended to placate the masses. Mass riot worries could also explain why local police departments are getting armored vehicles and military training from the feds. And it could explain why the IRS/surveillance state seems so preoccupied with weekend/holiday dissenters like those in the "tea party".
I don't have any answers for our social problems; I think we're screwed because of all the corruption. That doesn't stop me from questioning the motives of those that claim to have the answers.
This has been going on for at least a few years. Large financial institutions in Europe have contracts with vendors stating that servers cannot be hosted in the US because of all the warrantless snooping.
It's a bit laughable to presume that the NSA would be interested in a random company's laundry, or would divulge it to anyone else. Snowden's leaks do not contain any evidence of this, and yet it is well known that the Chinese, in fact, do spy for corporate gain.
There are a lot of things that we thought it would be "outrageous" for NSA to do, and yet we found out later they're doing them. If anything, NSA is more interested in spying on corporations for the purpose of economic espionage than anything else. Why else would Germany be spied upon by the NSA as much as China is?
There is not much evidence of commercial espionage indeed. But it's not about company's laundry. It's about the laundry of the users, stored by the company. If NSA access to that hits the press, a EU company will lose a lot of customers.
Data outside the US is the easiest for the NSA to access. It's only data that never leaves the US which in theory you can argue is subject to warrants.
Of course, since it's so easy to redirect your traffic outside the US using BGP, it's not really a defense no matter where you are storing your data, but the clause is certainly pointless.
"Worst possible knee-jerk reaction. Data outside the US is the easiest for the NSA to access. It's only data that never leaves the US which in theory you can argue is subject to warrants."
Nonsense. If they're even talking about keeping data out of the US, they are probably non-US citizens. Under NSA law (the parts that have been publicly leaked), NSA feels perfectly free to seize their data when it is stored in the US, or makes transit into or through the US. A non-American sending their data into the US does not thereby protect it from US spies. (Really, that's common sense). The only data that is maybe safe is that of clearly-identified US citizens communicating with themselves in the US. These can still still be intercepted and stored, but the leaked secret laws say that the NSA does not allow its analysts to read it.
I'm a bit confused, you say nonsense, but then you apparently agree with two key assumptions.
I'm definitely not saying it's a good situation we find ourselves in here, or that data is 'safe' anywhere. But I would want anyone to think very long and hard before moving servers outside the US and claiming that provides some sort of benefit, other than as a political statement... It actually sounds like you agree with that.
Maybe r/Worst possible/A dangerous/ would be better. But I do appreciate reading the opposing opinions.
Wait, so the NSA can walk into a German hosting provider's office and force them to install a box and no we won't tell you what it does?
You're mistaken. The NSA might have more legal space to hack into systems outside the US, but their main snooping appears to happen in (forced) cooperation with US companies.
That's why EU and everyone else is waiting for US to pass strong laws that prohibit US gov doing that, and for them to acknowledge the EU laws for data protection, before they can trust US companies at all.
At least if US passes such laws, they know that instead of risking losing all of its foreign customers, Cisco would rather sue the US government next time, backed by those new laws. This is why this reaction is such a good thing. It's exactly what's supposed to happen to end forced backdoors by the NSA into products bought by foreigners.
> That's why EU and everyone else is waiting for US to pass strong laws that prohibit US gov doing that
Thing is, neither the Constitution nor the law was respected, as we've learned. So why should anybody have trust in some politician or President who declares a new law? For agencies like the CIA and the NSA, there is no law.
No, it's the best possible reaction (not for US, obviously, but they deserve it). This sends a message to US and US companies.
Also, in case you haven't paid attention the US government was hacking into one of the biggest US companies already - Google and Yahoo, while they had deals to get pre-encryption data with Microsoft and others.
Also, NSA themselves said all encrypted data is captured, regardless of where is coming from, "just to be sure".
As a political statement it has power, that is one aspect I definitely agree with. However, I don't think it's a security measure, and in fact could decrease security.
You make a good point that encrypted data is retained longer by the NSA, and even domestic encrypted communication is kept without any nexus to an international person of interest or 50% confidence that at least one party is not a US citizen. But as we know well, the encryption is the absolute last thing which is going to fail or be broken independent of some other action.
NSA can fill their hard drives with all the cipher text they want. If that ciphertext ever somehow becomes valuable on its own -- for example, without getting a warrant for the key - then the crypto-apocalypse has arrived and the whole discussion about which data center the server runs in is completely pointless.
We haven't seen any Snowden leaks indicating NSA is walking into US data centers without a warrant and busting servers. On the other hand, their entire modus operandi is to do exactly that overseas. Wait, or is that the CIA... Generally speaking, if you have something they really want and it's on a US server, you get agents at the door with warrants. If you have something they really want and it's on a non-US server, they just hack or steal the damn server.
See my earlier reply about the Google packet sniffing, done only for data which left the US as far as we know. There would be a much stronger case that such packet interception was illegal and unconstitutional under current US law if it was happening to traffic running within US only WANs.
By the way, there's nothing you can do if the service provider decides to just accept the warrant and provide the data, regardless of where the server is colocated, which is why I think self-hosted SaaS is so important. You might not be able to stop them getting the data, but if it's on your server, you probably will know they have taken it, or otherwise you'll have a great case to argue in front of the Supreme Court (as in, an EFF pro bono spectacle, not necessarily that you will prevail).
The people that put these surveillance systems in place don't give two fucks about the economic impact, and the people that do consider the economic impact aren't invited to the meetings.
tl;dr People should be really screaming mad angry about what the US government is doing, but foot shooting is perhaps exactly the response they are looking for.
It seems to me that the NSA finds it a lot harder to get at data that never enters the US at all.
I have doubts about sending data to the US in any way - I work for a European tech company, and some co-workers want us to use private repos on GitHub for our source control. I am personally against this simply because it sends important data into the US. That kind of thing should be kept on-site.
This may be naive, and if it is please elaborate; but as the NSA is a branch of the USA's government, it has legal power over companies in the USA and over infrastructure in the USA. Their legal writ does not hold in Germany for instance. I'm interested in seeing how this whole "broke German law on German soil" thing plays out: http://www.cbc.ca/news/world/nsa-s-alleged-spying-on-merkel-...
The NSA's methods of surveiling the internet seems to have been to tap into "destination" data centres in the USA, and to tap into all passing traffic as it crosses US borders. If internet traffic passes through neither of those checkpoints (e.g. originates in Leipzig, goes to a server in Berlin) then the NSA will find it a lot harder to tap it. Not impossible, but a lot harder to do it and lot harder to make a convincing legal justification.
This leaves aside the impact of the sharing agreements between the "five eyes", that basically the UK et al are doing the same thing as the NSA here.
The second problem is of "American" companies which operate worldwide. Even if the server is in Berlin, no doubt the US government will lean on the US parent company, if there is one. Which is why we're seeing stories like this one.
Even if your servers are patched, firewalled etc and you encrypt all traffic travelling between data centres, if the data is decrypted on your internal network for processing or use you're vulnerable to "host is subpoenaed by the NSA", "black box installed on network by NSA" and "insiders work with NSA out of patriotism" which non-US suppliers may protect you from. Even if you self-host and have no employees, it's difficult to stop a legal subpoena from the NSA for your SSL private key except by making sure you and it never enter the US courts' jurisdiction.
Of course, you're still vulnerable to hacking, physical intrusion, and blackmail or bribery of insiders by the NSA. And whatever the local equivalent of the NSA is. And secretive international agreements.
> In the USA ... you're vulnerable to "host is subpoenaed by the NSA", "black box installed on network by NSA" and "insiders work with NSA out of patriotism"
Yep. That's what I mean by "tap into "destination" data centres in the US". e.g. what was going to happen to Lavabit.
I'm not sure why people are having difficulty grasping the whole concept of "US legal power is much lessened outside of the USA". (see also here https://news.ycombinator.com/item?id=6944880 )
> Of course, you're still vulnerable to hacking, physical intrusion, and blackmail or bribery of insiders by the NSA
Yes, or by any other rogue actor. But any government that does that on a mass scale on notionally "friendly" territory is playing a dangerous game if and when they get found out.
For international customers it is rather pointless to talk about data that never leaves the US. If this is a bad reaction, then what is a meaningful reaction?
Oh, so since me and my company are _physically_ outside of the US, we're fucked then?
But your point, of course, stands. Maybe avoid sending the data to the US and in addition punishing providing access to the NSA as treason? (I know. Won't happen.)
> Wait, so the NSA can walk into a German hosting provider's office and force them to install a box and no we won't tell you what it does?
The equivalent in the US requires a warrant, and it would be the FBI not the NSA. For example an NSL or warrant with a gag order similar to what Lavabit saw. These warrants at least give the provider the option to shutdown. Also see similar situation to PrivateSky (UK-based). The fact that these cases are news, and even moving through the courts on appeal, is a Good Thing (TM).
This is a significantly different attack model than NSA hacking your network and picking data off your internal pipes (like what happened to Google), Firewire/Thunderbolt ports (commercial off-the-shelf products sold to law enforcement do this through DMA access granted by Firewire/Thunderbolt), or hell, even stealing keys through the ground potential of your chassis . Those techniques, sans warrant, are claimed to be "legal" only because they happen overseas.
If you think the NSA doesn't have access to all your traffic just because you're in Germany, I'm saying, IMO the NSA has better access to your traffic, indeed all your gear, because it's in Germany.
> For international customers it is rather pointless to talk about data that never leaves the US. If this is a bad reaction, then what is a meaningful reaction?
This is a great point. I think the most meaningful reaction would be an increase in self-hosted SaaS models which are open source but not MIT/GPL as in, auditable but not free. Continuing the evolution of systems like Docker, and maybe even to an extent things like node-webkit, you might get to a future where grandma can single-click self-host all the apps she needs on any OS she happens to be running.
I'm so disappointed that such approaches are assumed to be doomed. You can't convince the CEO that people won't just comment out the license check rather than pay the license. I know GPL is supposed to provide "freedom" to the user, but I don't think there's anything inherently wrong with providing access to the source while still legally requiring a end-user or commercial license, and not just in the form of a support contract. In fact, I really wish more companies would try this, because I think it would ultimately be very successful and if it can jump the shark as an acceptable approach, it would benefit the entire industry. I plan on trying it myself with a few products, and I'll definitely report my progress.
In short, we need to increase investment in designing, deploying, and maintaining secure systems and architectures, combined with demanding real end-user ownership and control over your own data, which means self-hosting the service and open source. In my opinion, moving the server to international data centers doesn't provide any demonstrable value, and I believe just makes matters worse.
A1: Stories about this kind of thing are posted by people who want to take business away from the U.S..
This is possible, but there are a lot of people who value privacy too, and I suspect they are in the majority. Want to prove me wrong? Get polling.
A2: Everybody else is doing it, but only the NSA got caught.
First, this doesn't make it acceptable. Second, it's entirely possible not everybody else is doing it. Third, even if everybody is doing it, the U.S. has more money to pour into black-op projects than any other nation on Earth, so it's a safe bet that the NSA is, by far, the worst offender.
A3: Countries like China spy for corporate gain, but the U.S. would never do such a thing.
Right, the U.S. has never staged a coup or conducted a war that benefited U.S. corporations, and certainly wouldn't need intelligence to help with that sort of thing in the future...
-----
If you're okay with what the NSA has been doing, here's something to consider. Several years ago Sony got a lot of bad press for putting rootkits onto audio CD's. They wanted to stop piracy. Honest customers had nothing to fear from Sony! However, honest customers did have something to fear from viruses, malware, etc. that were subsequently written to exploit the security holes created by the root-kit.
The NSA is collecting data on you. You trust the NSA and your nation, so you're not worried about how they'll use that data. Fine. Do you trust everyone who works for them? You probably shouldn't. They certainly don't trust their own employees and they still got burned by Snowden! The NSA might not be looking at your data until you do something terroristy, but who else could have access to the NSA's data-stores? Would anyone know Snowden had stolen all those files if he kept quiet about them? Probably not. Odds are you're pretty boring and nobody is interested in what the NSA has on you. What if you were actually really interesting, and your enemies had a lot of money? Do you plan on becoming interesting at some point in the future, or are you firmly committed to being a bore until you die?