PRISM-operationThe fallout from the revelation of the NSA’s spying program is gathering pace and has ramifications for the United States, and the other Five Eye’s, bottom line.

Coming to light this week is the fact that credit card companies MasterCard and Visa are taking action against VPN providers and refusing them card access. VPN provider iPredator is impacted and the founder, Peter Sunde, has said that he “does not believe that the move is to do with piracy, but might be an effort to prevent the public from covering their tracks online and preventing government spying.” Visa and Mastercard seem to be, on the surface of it, going after VPN providers because the service allow you to get around geo-locking, the ability for companies to stop you accessing overseas television and entertainment such as NetFlix.

In New Zealand we don’t have access to NetFlix or similar services, we have an expensive, limited, back catalogue of movies at best. For $5 a month you can buy VPN then use a gift card (or Air New Zealand Global Card) and can access NetFlix for a cool $10USD a month with all you can eat. MasterCard and Visa seem to be attacking those providers, which is nothing new. There are still legal battles brewing over them cutting off Wikileaks. The VPN providers, who are sitting on top of a gold rush, are planning a legal offensive against both companies. Conspiracy theorists point to government pressure being put on Visa and MasterCard to withdraw support of any service that allows anonymisation of you on the internet, because you can’t be spied on.

Meanwhile, Switzerland’s largest national Cloud Provider, ArtMotion, has seen a solid 45% increase in revenue in the past month. It’s not just them either, other onshore Swiss Cloud services are booming after the NSA revelations. Switzerland has always been seen as a safe place to store your gold and other filthy lucre, anonymously, and now individuals and companies around the world are seeing Switzerland as a safe place to anonymously store their private data from the prying eyes of government.

InternetNZ this week pointed out to the select committee on the impact of the GCSB to the New Zealand ICT industry and failed I think to pick up the one area of most significance (as did I in an earlier blog this week). InternetNZ got a little too technical and drew a long bow saying that people will rush to VPN’s to hide their activities from government. This is true and we see a pickup of VPN sales across most of the planet. The downside to this says InternetNZ, is that encrypted traffic is not compressible and so uses more bandwidth. The counter to that is simple, compress the data before you encrypt it.

The real impact on the New Zealand ICT Industry may be one of lost opportunity. New Zealand is generally seen as the Switzerland of the Southern Hemisphere. We are seen as a gentle folk that can neither fight nor fend for themselves. Oh wait, that’s hobbits. But you get the point. We even have the perfect brand, Aotearoa, The Land of the Long White Cloud. That is now seriously in jeopardy because of our membership in the Five Eyes community. Let’s be blunt, we spy for the US, Canada, Australia, and the UK, we are part of PRISM.

That by itself is likely to drive people away from the concept of New Zealand as one of the safest places on the planet to deep archive your data.

The European Union is all over this concept like a frenzied dog. The digital chief of the EU, Neelie Kroes, is using the issue to push hard for a “European Cloud” saying that “If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess, and if I am right then there are multi-billion euro consequences for American companies.”

The EU is particularly angry and you see it in their other responses. A probe has been called for to uncover the extent of the spying, it is reportedly mulling over nullifying data exchange agreements (such as passenger and financial information), and has written to the US demanding answers. Whatever the outcome, the perception is that onshore US Cloud services are not safe.

The truth is, it doesn’t matter where your data is, if it traverses one of the Five Eyes larger countries, it’s being captured by PRISM. If you store all your data in Switzerland but you live in the US, it makes not a jot of difference. The only thing that does is encryption.

Attacks seem to be on the rise on VPNs as well. As I mentioned last month Astrill, one of the largest and most significant VPN services was taken out in an attack that lasted nearly twenty-four hours. Conspiracy theorists point to the US however the truth is likely to be closer to home, Astrill supports a tonne of activists from within China by anonymizing their data, location, and identity.

Finally, an interesting legal test going on in the US over encryption. The Feds believe that one Jeffrey Feldman downloaded child pornography. The problem is that Feldman has encrypted all his data and the key is in his head. Originally, a court order was in place whereby he had to hand over that key or go to jail. However, his lawyer raised a constitutional issue that by giving up his key it may violate the fifth amendment. That being that you don’t have to do anything that might incriminate yourself. The prosecution has demanded the issue be resolved in case the complainant forgets his key given time is slipping by.

With Snowden on the loose carrying a head full of secrets, the reverberations from PRISM are just going to keep coming.

5 comments

  1. The key with encryption is making sure that its a secure and robust form of encryption. This is only really solved with education – whats the difference between 64bit and 256bit encryption? AES or Twofish? Who holds the keys? Is the person/service/code encrypting my data trustworthy? Given Microsoft’s cooperation with the NSA I’m concerned about the effectiveness of Bitlocker – good thing I only use Truecrypt!

    Just look at the stats for the success (or lack thereof) or encryption against wiretapping:
    http://www.wired.com/threatlevel/2013/06/encryption-foiled-wiretaps
    In 18 of 22 cases the government was able to successfully decrypt intercepted information. Thats over 80%. I doubt those statistics are anywhere near as high for decrypting encrypted data in transit over the internet but it makes me suspect that governments might be a lot better at it than we think.

      1. Absolutely.

        But that is also dependent on the strength of the algorithm itself and how much you trust its source. Hence my growing distrust of Bitlocker – Microsoft’s cozy relationship with the NSA drastically increases the probability that Bitlocker is backdoored. Much better to bet on open source solutions that have had thousands of independent developers crawling all over the code for years – any inconsistencies get exposed really quickly.

  2. Let’s bit forget that encryption only buys you time, even storing it in irreversible encryption (like Active Directory), only buys you time.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s