The Cloud Conspiracy 2008-2014 - How the EU was hypnotised that the NSA did not exist

The Cloud Conspiracy 2008-2014 - How the EU was hypnotized that the NSA did not exist



In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now

There is one law (FISA 702) and one policy (EO12333) which authorizes the US government to conduct mass surveillance on “foreigners in foreign lands”. These are drafted in terms which discriminate the privacy rights you have by the passport you hold - in fact there are no rights at all for non-Americans outside the US.

It is obvious that this is a reasonably important dimension of the whole Snowden affair, because it starkly conflicts with ECHR norms that rights are universal and equal.

The only possible resolution compatible with universal rights is data localization, or construction of a virtual zone in which countries have agreed mutual verifiable inspections that mass-surveillance is not occurring (and at present this seems unlikely). There is a widespread misconception that somehow the new GDPR privacy regulation will curb foreign spying, when in fact it is designed to widen loopholes into floodgates.

This talk is multidisciplinary and will cover national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics.

4 Likes

“US data in EU is protected as EU data. But EU data held in the US cloud has no privacy protection” ~ CasparBowden

I follow Caspar on Twitter and he’s a real rottweiller on EU Data Protection. A great guy!

2 Likes

Is homomorphic encryption what dirvine has envisioned maidsafe could do to make safe distributed computation possible? If it is it does not sound good if it will be “several orders of magnitude too slow” :frowning:

No that is a growing area, the space to watch is zk-snarks (check my repo for a fork that works with cmake etc.) and possibly SMCL type projects (http://www.brics.dk/SMCL/ ) homomorphic advances are definitely worth keeping a weather eye on as well.

The current advances in discrete maths and combinatorial logic is pretty astounding. I feel there is a multitude of mechanisms fro secure computation now,especially since the “halting problem” was addressed by the folks at MIT And Jerusalem (I think it was, anyway Turing prize winner for this mechanism). With the halting problem addressed we can now send actual computation across the network (Ok for time being needs gcc register code) and be sure it was run. We have to address the knowledge of the environment though and this is where I think the group consensus comes in, so we get a group to calculate and ensure the environment is protected via consensus. The other side of this is validation of exterior changes due to a calculation and there we win using consensus chains to ensure the computation created the effect it should have.

All sounds a bit weird and complex, but after the network is up this will all make much more sense.

An easy way to imagine this though is a mixture of consensus agreement on a computation that is requested via a Domain Specific Language (which may be Turing complete or not, likely it would not be though). Such DSL capability is provided in the boost libraries with fusion and spirit, then we can have domains specific to issues, such as robotics, AI, search (better than just search but you get the point), currency, company contracts, asset exchanges and so on.

It is a huge and interesting area, but there is a ton of work already in play that a decentralised autonomous network can really make a pretty big difference to, solving many security and reliability issues.

2 Likes

the video link in the OP is dead. This one works as of feb 2017.

2 Likes