Jul 11, 2013

Tragedy In Cloud Land

Once upon a time there was a land high up in the clouds and everybody seemed to be safe. But then the evil NSA spied upon all your data and people were outraged and flee like there is no tomorrow...


This is exactly how thing turn out at the moment.
Especially, but not only, in Europe. How can anyone convince our "friends" to use US-Servers again?
Google+ is one example. More and more services are integrated into Google+, like recently Latitude, and disappear, only accessible within Google's social network. No problem. But it is a problem for many people that consequently deny using anything Google+ on principle.
A month ago, I would have told them, that it's nothing bad in that. But now? I can't. The worst fears of the users have been manifested in reality like in a Illuminati-Thriller. Looks like it's all true folks.

The real problem now is, will the US IT-Industry ever be trusted again without shutting these surveillance programs down?
As a company in any other country it would be futile to use anything hosted in the USA. Cloud? Here goes the company secrets. Google will be one of the big losers in that game. European countries like Germany just turned more to offers from the Giant. Employees management, cloud document editing, collaboration and everything. This will turn the page back.
The calls for a European secure cloud is up. Quickly people beginning to open own servers in their jurisdiction with OwnCloud. Even Gmail will take a big hit. Just when the bosses could be convinced that it's not evil.

What now? Is it time to panic?
For companies, yes it is.
You need to get control over your stuff in your jurisdiction. Only then a legal complain for industrial espionage against a foreign secret service can be filed imho. Otherwise you gave your data away to another jurisdiction willingly. Read your TOS. Europe and other markets need to have own cloud services protected by strong encryption. Other security measures are on the way, like an open alternative to ICANN and securing server traffic in the own country.

For private persons?
Not so much. First think about what data you have. It's illogical to flee a US-Server with data you publish in public somewhere else. Google+ is something like this. As long as you do not share very sensitive private data over a social network, which you shouldn't anyway, it doesn't make sense to condemn such a great service. So everything you would show in public anyway, are not subject of concern.
However some problems might still be there with you personal email. Be aware that GMail is not safe anymore imho. On the other side ask yourself what problems can happen if the US government can read your mail. Then you need to decide yourself to stay there or not.

# In general, no matter where you host your sensitive stuff, use more encryption tools, like the open and free GnuPG and PGP. If you use PGP encrypted mail, only your metadata are exposed. We know now that encryption is secure and the common methods can not be cracked by intelligence services.

# Choose a cloud service with encryption when possible. Think about rent a server in your country and use OwnCloud e.g. to host your very own cloud.

# Don't waste your secure web space with data you publish in public anyway. You save a lot of money. And there are really good services waiting for you.

#"I don't have something to hide"... Yes, you do. Everyone does. You only think that it isn't important. And it's a matter of principle. This surveillance on innocent people must stop. You don't spy on your friends. You only spy on your enemies...