"The U.S. government cannot compel us to produce our customers' data stored in data centres outside the U.S., and if it attempts to do so, we would challenge that attempt in a court."
Except that it would happen in a secret FISA court, and it's likely Verizon wouldn't be allowed to reveal the status or outcome of that trial.
Vodafone acknowledge that management and legal have no idea what these secret requests are and what pressure is placed employees who push back on governments requests when they violate their internal code of conduct, "Obligations on individual employees managing agency and authority demands" http://www.vodafone.com/content/sustainabilityreport/2014/in...
Vodafone uses Amdocs in many of their national operations... see discussion in other threads beneath this post. In short, Amdocs stuff is assumed to be always-on metadata access rather than by-request content level.
This needs to happen more. The only language the people running our government understand is that of money. Perhaps if the executives running such companies as Verizon (and by money-proxy, the US government) are denied their monetary pleasures they'll lobby for reasonable governance.
This assumes the NSA would follow any laws restraining their powers. Even if such laws were passed, how could the NSA ever prove to the public that they were following the law? And even if the NSA took steps to "prove" they were following the law, why would anyone believe them?
It needs to happen more, but there are exactly zero reasons for the U.S. to give a shit about some business Verizon lost in Germany. No taxes go to the U.S., no jobs go to the U.S., and thanks to high taxes, no profits get repatriated in the U.S.
The only one suffering here is Verizon.
Probably if all U.S. based companies suffer enough, they'll start lobbying for change in U.S. but that would have to be some massive wave of upset businesses.
And guess how companies "protest" policies in the U.S. - they pay politicians to lobby for changes. So yeah, the shittier the govt does its job, the more lobbyist money politicians get, funny how it works right?
The more likely situation is the govt keeps not giving a damn, and companies suffer.
It seems so obvious that government communication networks should be built and run by a domestic company. Isn't that the standard in most developed countries?
For some reasons that I will never understand my beloved government (that of Germany) seemed to think for the longest time that the USA are our friends, US companies are our friends and we should buy everything we can get from them. And that includes government communication networks.
I don't think that's a given (possibly even after the leaks). If your giving up very real technical capabilities and increasing costs to protect your self from an ally it seems like a reasonable argument could be made either way. Of course after it's shown that that ally is no longer acting like an ally that changes the weighting of the argument significantly.
I'll also point out a lot of people expect the US would be able to compromise a system if they were actively targeting it even if it was reasonably hardened and in house. They also didn't expect (even if they should of) that the bulk collection was so widespread that it meant common practice implementations were compromised even without serious targeting. So the ROI for in house didn't look as good as it does today.
They could file suit for any number of things. But as far as I can tell the only plausible argument would be breach of duty by the USG to keep their secrets actually secret (i.e. why didn't they stop Snowden earlier), which was one of the things Merkel was mad about.
does it mean that before Snowden they really trusted to the telecoms that nobody captures and store their traffic? Or _wanted_ to trust?
Anyway, whatever provider they go with, they should encrypt point-to-point, and thus provider isn't really important. One can't argue though with the God-given right of the national telecom to exploit the hysteria to kick foreign competitor off the fat government contracts :)
The wave of partitioning and protectionism happening in the Internet and other global networks (like Russia trying to build their own VISA style pay system and national/government supported search engine) starts to remind about global trade partitioning leading to and through the Great Depression.
It seems likely that it simply wasn't given any thought. Not so much that they did trust them, but that they didn't comprehend what could have been done, and so it never really bothered them that much.
Once it was made apparent just what the capabilities were, and how strongly the NSA was utilizing those capabilities, minds started to change.
>It seems likely that it simply wasn't given any thought. Not so much that they did trust them, but that they didn't comprehend what could have been done, and so it never really bothered them that much.
To my knowledge, 20 years ago Russian security agencies were trying to inspect in depth any foreign computer hardware (as there is no other computer hardware existed back then or even today in Russia) that they were buying. Not that one is able to seriously inspect beyond the level of the plastic body of a chip, yet they tried at least :)
The fact that these techniques do work fairly well for semiconductor reverse engineering is a reason that recent research on "stealthy dopant-level hardware Trojans" was scary.
as well as some other microscopy techniques that might conceivably detect these differences, but that it's more difficult and expensive overall compared to optical imaging.
That depends on your definition of "seriously" I guess. But there is no need to stop at the plastic. Have a look what the guys at chipworks are doing: http://www.chipworks.com
Also the Russians are traditionally quite good at reverse engeneering ;-) and they _did_ have their own domestic chips 20 years ago.
>they _did_ have their own domestic chips 20 years ago.
No. Not back then, not now. There hasn't been a chip there able to run Word/Excel/email. The best "native" chips are the 30 year old ones, with some updates, in the anti-ICBM systems.
It is fairly obvious they still want to trust. They, meaning the German government, also have not figured out how much actual sovereignty they want Germany to have. In both these cases they probably lag far behind what the people want. That's a long way from "trust nobody" never mind building the tooling to enable that way of working.
If you want to avoid balkaniztion, relying on trust will not work. Trust is dead.
That does nothing to prevent the leakage of metadata. Who talked to who, when, and how long. You can encrypt the call, but not the number. You can encrypt the email, but not the headers. You have to trust the system routing the requests.
Not that Verizon are angels, but notice how all those "government doesn't like another government" passive aggressive actions end up hitting people and companies who have no fault at all for a given government policy.
Case in point, Germany doesn't like what U.S. does - boom, Verizon takes a shot.
U.S. and few other countries don't like the anti-gay laws of Uganda. Boom, poor Uganda citizens take a shot (aids get cut).
U.S. doesn't like North Korea's policy. Boom, poor citizens take one again.
Obviously there's no channel where said governments can express themselves, maybe we should have a social network for governments where they can rant and vent off, instead of having innocent third parties suffer?
It might come a bit as a surprise to you, but people are generally expected to have at least some responsibility for the actions of their government. After all, the latter is usually not some alien black box deciding things but rather a set of people, elected from the general population and by the general population, requiring the support of the general population to implement the laws affecting that very population. Saying that Americans are ‘innocent’ regarding the actions of their government is as ludicrous as claiming that the American president and parliament(s) are not responsible for the actions of the American government.
In this particular instance though, according to the article, some negotiation was done between the two governments to reach a no-spy agreement.
As no agreement could be reached, an American company cannot offer the service required by the German government. Thus is it not reasonable for the contract to be cancelled?
This is not a shot at an innocent third party, this is the third party being constrained by American laws to the extent that it cannot offer a required service. Sure, it is unfortunate that a third party is adversely affected by this, but it cannot be portrayed as a deliberate act against them by the German government.
Except that it would happen in a secret FISA court, and it's likely Verizon wouldn't be allowed to reveal the status or outcome of that trial.