Brazilians tear strip off NSA in wake of Snowden, mull anti-US-spook law Businesses selling online to Brazil-based consumers could be forced to store any personal data they collect about those individuals on local servers under proposed new laws under consideration in the country. According to an automated translation of a report by the Reuters news agency, the federal government in Brazil has …
"unlikely if that server housed in a foreign location is property of a foreign subsid". Firstly, what is to stop the US companies simply sending a replicated copy back to the US? Secondly, who says a foreign subsidiary won't follow the orders from its US parent? And thirdly, who is to say that the caring, freedom-loving, socialist Brazilian government won't be taking the opportunity to exceed the US and mine the data for anything they can find on people the Brazilians government don't like?
The point here is that the subsidiary is subject to the law in that country they are established in, as are all of the employees working for the subsid (even those who may be US citizens while they are in the country). The US owners may be free from the effects of the local law, but the local employees certainly aren't.
If this wasn't the case, companies like IBM and HP would never get UK Government contracts with organisations like the MoD or GCHQ, yet they obviously do.
Having worked on Government projects with personal data involved, I know that data security is drummed into the local workers, as is the fact that they personally are liable to prosecution should data in their control be leaked. I'm sure as hell I would prefer the wrath of an employer rather than a jail sentence if I were asked to copy data across a national border.
Yep, the US is entirely dependant on cash, non-US cash. Make a conscious effort to buy non-US goods and those that you do, buy secondhand to deny first sale profit.
If everyone did that for just one month...
On that note, if anyone knows a good UK-based alternative to the Irish Amazon EC2 I'm using (price comparable, too) then let me know (yeah cloud-sourcing such info is lazy, I know)
It doesn't matter because the data will also be mirrored in the USA.
If the Brazillians think otherwise then it just goes to show that IT solutions thought up by MPs the world over are the same, ineffective, counter productive and costly. The only way they could ensure privacy is to have a closed completely wire based system for Brazil.
Pascal my dear boy, you are looking at it from the wrong end. There is no need for a US company to mirror their data to a second country but you can bet your boots that if a second country insists that data on its citizens is stored locally to that country then the US company will still keep all the data on US based servers.
>Not if said legislation says that data for citizens of country X are ONLY stored in servers housed in country X.
You're not a comedian by any chance? Since when has the US bothered about legislation passed in other countries? The patriot act blatantly brushes aside any pretence of adhering to local data privacy concerns.
At which point Microsoft/Apple/Google/Facebook/etc Brazil inc is charged under local laws, its executives are imprisoned and it's banned from operating in that country.
Keeping in with the NSA is fine with Apple - right upto the point where it is banned in the BRIC economies. Remember the US had no political power over most of these countries, unlike Britain or Ireland. It can hardly threaten a boycott of China or to invade Russia !
I've worked for a certain bank that has branches all over Latin America. One of such branches is Venezuela.
That oh-so-unloved president passed a law quite a couple of years ago (2005? 2006?) stating that any bank information or whatever should never, ever be stored outside Venezuela. At all. The bank then initiated a titanic effort to move all the Venezuela branch stuff back into Venezuela, thus complying with the law in a timeframe that was within 12 months.
So yes, it can be done, it just depends on how big the balls of the country's government are. In Venezuela, it was either complying with the law or face expropriation.
Uptime obviously.
Most countries are not large enough to support two such server systems.
If a problem with either communications, power, or other occurs in Ireland, it will more likely affect any OTHER servers ALSO maintained in Ireland.
In the US, it is possible to have that backup server in different sections of the country - which have separate power, communications, and other infrastructure needed for operation.
Brazil is large enough (geographically) for two, but not necessarily economically large enough.
The same goes for the EU, but there it is more the varying tax rates that make things uneconomical.
You are making a lot of assumptions.
In Europe, for instance, I believe the banks like at least 150 Km. between primary and DR for data; that is a bit tricky for some areas, such as Switzerland with strict laws about confidential data not being beyond its boundaries (meaning that a German contractor, living just across the border in, say Konstanz, can not work from home, even if the office is just a couple of km away).
As for the USA: particular problems, such as the near certainty of a disturbing earthquake affecting California or the storms and fires that seem to cause dramatic news reports about that region several times a year. Belgium or UK, for instance, may have fewer concerns in this area. In the latter, countries.
Do not fall for the "one size fits all" scare-mongering and consider that different risks are mitigated by different strategies. They do not all require mirroring to other countries nor even widely separated parts of the same country. It can even be that the ability to use a short term, rented system loaded from portable, offline storage (i.e. back-up copies kept off site) is enough and there are firms ranging from IBM to small business offering this (at one large, international bank, I used to take part in exercises using exactly this scenario).
I''m not sure that storing data locally will help. the Snowden slides suggest and I think the NSA have allued to the fact that most internet traffic is routed through the Land of the Free (Irony intended) before it is stored. So having a local storage farm is utterly irrelevant. This is how the NSA,etc can data slurp on such a level.
Effectively it sounds like Brazil wants a contry wide Intranet. Nice idea, but unwaorkable in the digital age i'm afraid.
Big Brother, obvs.
A few caveats, though:
- With data from Brazilian people stored in Brazil, the internet traffic from creating and accessing that data won't leave the country. No way for the US-based NSA infrastructure to intercept something that doesn't enter the US.
- The US/NSA could start collecting data in Brazil itself, but that would require judicial oversight from Brazilian courts in order to be legally done, otherwise the involved persons in Brazil itself could get jail time if caught.
- Not mentioned in the article, but Brazil is also looking at laying underwater cables to EU and Africa, which would make internet traffic to those places, and perhaps also for a large part of Asia, bypass the US.
True - the way Brazil is proposing it would not work. What they need to do is to support and promote their own start-ups and established companies, and aggressively market the idea that local companies only hold data locally and that the NSA will not be able to slurp their data*
I recommend the same for EU users - change email, search etc providers so as much as possible, their data is kept out of US hands. It won't be perfect, since routing** can happen through the US and users might want to access some sites / services based in the US, but it's posible to minimise data flowing there.
* of course, assuming that Brazilian internal security doesn't snaffle that data as well
**I'm not enough of an expert to be 100% sure, bit could routers be able to identify whether the final destination of a packet is in the US, and if not, preferentially route the packet through a non-US router? If so, Brazil, the EU could mandate that all new routers have this by default. And other countries will anyway start building cables and connectivity between themselves that exclude the US until the internet becomes a lot more like the mesh network it's supposed to be instead of most connections passing through US
".....What they need to do is to support and promote their own start-ups and established companies, and aggressively market the idea that local companies only hold data locally and that the NSA will not be able to slurp their data*...." LOL, but you really missed the bleedin' obvious with that one - there already ARE plenty of local options, even local search companies, but people ignore them and go to Google, Bing and Yahoo. Why? Because going to Google and co is faster and gives better returns on every search. Do you even know any search engines other than Yahoo, Google and Bing? Even if the Brazilians make their own equivalents, Brazilians will still be bypassing it and going to www.google.com, www.bing.com, and www.yahoo.com, and their data will go through US servers. Same goes for email services, and searches on Faecesbook, etc. This is just more feel-good popularist political soundbites, nothing more.
Chris W, I think that's what the law is attempting to address... i.e. "data of Brazilian citizens will be held only in Brazil, not elsewhere".
Brazil has a history of playing tit-for-tat with the US (one of the few countries that will). When the US started fingerprinting foreign citizens on arrival in the US, Brazil famously did the same with American citizens, but with ink, not fingerprint scanners.
There's a case where one American citizen got the hump and was told in no uncertain terms that he was welcome to get back on the next flight back to the US if he didn't like it, since that's what his own government does to Brazilians.
Nice to see Brazil bite back. Our luvvies in Whitehall are too chicken to.
>"data of Brazilian citizens will be held only in Brazil, not elsewhere"
Which is why I said they would need a "closed completely wire based system", in which case they wouldn't need unworkable laws. By the very nature of the internet you have no real idea of where any data is passing but I'd hazard a guess that anything that goes through a US controlled satellite is slurped.
You were doing so well at being clueful, and then you blew it: ANY data that goes through a satellite is slurped. Doesn't matter who owns it, the transmission is radio waves and we read it. It might be easier to read the data from ones we control, but we slurp everything. That was the whole reason for the NSA way back when it was an unmarked road that lead to their headquarters.
And frankly, it doesn't matter how cleverly the Brazilians write their laws or try to build the system. Unless all of the communications are entirely internal to Brazil the point at which they interface with a non-Brazilian system is the point of intercept, either through mutually agreed monitoring or covert operations.
Spy operations don't exist in the nice, neat, and utopian world of court law. They live in the Burkeian world: dog eat dog, no holds barred, and the only thing against the rules is losing.
Tom - I see your point. However I never claimed to be an expert at any of this I'm just trying to use common sense, if they can they will and if it's easier then more so. Anybody who thinks that their data is not being slurped given the opportunity by the US or indeed numerous other countries no matter what local laws say must have their heads so far up their backside they might just be called Zaphod Beeblebrox.
Most satellites broadcast data intended for a certain receiver via narrow spot beams, so the same frequencies can be reused over and over again, as well as limit unauthorized reception. Directv uses this for its local channels in the US, in fact, using the same transponder frequencies a dozen times across the states, using fairly wide spot beams with a diameter of a few hundred miles. Narrower beams are possible, of course, since some market areas are quite large including suburbs they err on the side of making them too large.
The NSA isn't going to slurp your data unless they can install a big dish pretty near the dish of the intended receiver. In some places that might not be an issue, but good luck getting such a dish up in places like Pakistan or Iran. I suppose a drone or balloon could do it, but that requires a full time presence which again would be unlikely over countries that don't like foreigners messing about in their airspace.
As for the idea that there's a separate copy of all data going directly to the NSA for as you say US 'controlled' satellites, I suppose that's possible, but would greatly increase the cost of the satellite to be capable of doing this. I suppose if the NSA picks up the tab for the difference a satellite Google or IBM launched might have this "feature", but they aren't going to pay an extra billion for it otherwise.
I agree completely with that policy by Brazil. It's the only was to establish international respect. When Canada began requiring pre-arranged visas for visitors from Brazil, Brazil was quick to require the same for visiting Canadians. When Canada raised the price of a visa, so did Brazil. I am able to avoid the cost by using my British passport to enter Brazil, but that means I'm embarrassed whenever I arrive there shortly after some new outrage perpetrated by the British government against Brazil, such as killing an innocent Brazilian on the tube platform because he was wearing a backpack and jacket, or illegally detaining a Brazilian journalist.
The will be more than a few multi-star Generals in the Pentagon thinking about starting to plan the invasion of Brazil, those 'commie bastards'.{anyone who isn't American is either a Pink Leftie or a Commie to many Americans especially in RedNeck country}
I watched Dr Strangelove again at the weekend. Kubrick go a lot right about US Paranoia.
Tough,
Thats the downside of being an American company.
America may as well be a carbon copy of China in the way that they deal with the outside world
For any septics reading, on the world map, the part with the words "Here be Dragons" it is actually what we call, "the rest of the world"(tm)
With the PRISIM fun, people can no longer pretend to trust the Americans (lots of countries put up with it because of cheap cash and hand outs), the UK have also shot themselves in the foot over this with their very public (and stupid, probably illegal) slapping around of people who are close to journalists.
Its getting to the point where money no longer talks, if companies like Facebook and Google are having problems, then they will either need to follow the local laws (for once) or make way for local companies.
"you really don't think the current pathetic & spineless UK govt would jump up and do that without the Whitehouse yanking their leash do you?"
What sets a good slave apart from the rest is their ability to anticipate and fulfill their master's will before they're even asked.
No, actually I expect the UK government to act on the observation of one its most intelligent statesmen: it has no permanent allies, only permanent interests. To act in any way which is not in accordance with those interests is foolish - whether it be slavishly following US requests or slavishly opposing them.
Incidentally when in China I noticed that all their World Maps "broke" the globe through the Atlantic rather than through the Pacific, so the Americas are to the extreme right and Europe on the extreme left. This leaves China in the middle of the map, just as Europe is in the middle of a "European" map.
As far as I know the US use the "European" style of World Map, possibly because they'd need to "break" the map through the middle of Asia and that's not very neat. Or more Probably because the vast majority of their maps only show the US. (I mean, be fair, their 48 states fit so nicely into a rectangular map and they don't need to mess around with projections)
James, do you remember which side of the Chinese world map holds Greenland? Yes, US world maps generally have Europe and Africa in the middle, but on my office wall is a world map using the Fuller projection, which has the Arctic Ocean in the middle, the Kerguelen Islands and Heard Island on the extreme left, and Antarctica on the extreme right.
The US Gov bureaucrats will not listen to their own people who told them to stop. They will not listen to any people. They will not stop until they are stopped with outside military intervention now. I think it's now not a matter of if but when Putin sends in troops to stop this nonsense in the middle east and Washington once and for all.
I'm pretty sure it'll only stop sometime after the Chinese start exerting their economic and political muscle against the US . Hopefully the ending will be the US in political and economic chaos, rather than an exchange of thermonuclear weapons.
The problem with commie bastages is that they don't respond to either of those actions. If economic muscle were going to move The Big 0, he would have already changed at least one of his other policies. But he keeps on doing the same things.
Yet I dare say that the average, non-Oligarch Russian is less spied upon than the average Englishman.
Which country has got the most surveillance cameras? What is this GCHQ thing? Special Branch? MI*? Met. police surveillance of witnesses? All these safety-first, precautionary raids on private citizens because some nosy parker thinks that a man walking (rambling in the countryside) with a twelve year old boy is suspicious (man and son, see report by Will Self, of his bizarre experience last week); the random seizure of cameras because some traffic warden decides that photographing some building or view is bad because of a child in the background or potential use to "terrorists".
So it is proportionate to detain a man, without any specified grounds, under an an inapplicable law, for nine hours and seize personal property (even unopened, in its wrappers property). Oh, it's all right. He was not arrested, he just missed his flights, was frightened for a day and, despite not under arrest, was forced to answer questions under pain of imprisonment (even a person on trial for murder can not be forced to answer questions). Oh, and without the man's agreement nor any legal justification, full details were shared with a foreign power (USA). One has to ask, if the authorities had such solid grounds for the action, why not a proper arrest, witnesses, statements, investigation etc..
Sorry, what was that about the iniquities of Putin again?
All Britain does is copy the worst aspects of the USA and make it worse ....
"about the iniquities of Putin again"
politically motivated criminal trials, with a helpful judiciary
and that Russia has the "System for Operative Investigative Activities" which allows several state organizations to monitor telecoms including the internet. and allegedly makes ISPs house the monitoring that track all credit card transactions.
"politically motivated criminal trials, with a helpful judiciary"
"which allows several state organizations to monitor telecoms including the internet"
Please, tell us, are you referring to Russia or to the USA? Just curious.
In fact, and I say this in great embarrassment, being an American, the US in general tends to lag behind but slavishly follow British trends. The result is that our anti-gun laws lag Britain's by about 50 years are catching up rapidly. We came up with the NSA after seeing how cool GCHQ worked. Cameras monitoring public areas are increasing in numbers but are still far, far behind the completeness of coverage in Britain. Random police checks are bolder now, again following Britain's lead. Indeed in Texas they have apparently taken to roadside body cavity searches in some counties, which may an innovation even by Britain's standards. I have a friend who wanted to spend time in the British Museum - having acquired a Classics degree - in the lat '90s. He was held and questioned at Heathrow for several hours - apparently because they suspected his red hair might indicate an Irish-based anti-British sympathy, which he indeed had developed by the time they let him go. In the US there is a growing movement to target people with turbans, though the majority of these are Sihks and despise Muslims. So, we may catch up yet.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
