Showing all posts tagged prism:

Why can't Big Brother ever lift a finger to help out?

It strikes me that the NSA and their counterparts missed a trick.

Maybe it's because I'm in the throes of moving house, with all the associated change-of-address shenanigans, but it strikes me that it would be very useful if the government actually operated a single information repository. I mean, that's what they already do, right?

So, why not do it in a way that serves the public? The government sets up an IDDB which has all of everyone's information in it; so far, so icky. But here's the thing: set it up so that individuals can grant access to specific data in that DB - such as the address. Instead of telling various credit card companies, utilities, magazine companies, Amazon, and everyone else my new address, I just update it in the IDDB, and bam, those companies' tokens automatically update too - assuming I don't revoke access in the mean time.

This could also be useful for all sorts of other things, like marital status, insurance, healthcare, and so on. Segregated, granular access to the information is the name of the game. Instead of letting government agencies and private companies read all the data, users each get access only to those data they need to do their jobs.

People have a problem with any Tom, Dick, or Harry being able to read all their information, but the objection isn't intrinsically to the gathering of the information, it's to the unrestricted access. The idea that any busybody can log in and see any information they care about is what we object to.

Offering an IDDB service would go a long way to solving the PR problem of programmes like PRISM and its ilk. Of course there are enormous issues with abuse of such a system, but since it seems governments cannot be prevented from building (and abusing) these systems anyway, couldn't we at least get some convenience out of it?

Clouded Prism

One of the questions raised as a part of the PRISM discussion has been the impact on the internet and specifically cloud computing industries. For instance, Julie Craig of EMA wrote a post titled "PRISM: The End of the Cloud?"

I think these fears are a bit overblown. While there will probably be some blowback, most of the people who care about this sort of thing were already worried enough about the Patriot Act without needing to know more about PRISM. I think the number of people who will start to care about privacy and data protection as a result of PRISM will be fairly small. All Things D's Joy of Tech cartoonnailed it, as usual.

The same kind of thing applies in business. Many companies don't really care very much either way about the government reading their files. They might get more exercised about their competitors having access, but apart from perhaps some financial information, the government is low down the list of potential threats.

Of course, most analysis focuses on the question of US citizens and corporations using US services. What happens in the case of foreign users, whether private or corporate, using US services? There has been some overheated rhetoric on this point as well, but I don't think it's a huge factor. Much like Americans, people in the rest of the world already knew about the Patriot act, and most of them voted with their feet, showing that they did not care. As for corporations, most countries have their own restrictions on what data can be stored, processed or accessed across borders, quite possibly to make it easier to run their own versions of PRISM, so companies are already pretty constrained in terms of what they could even put into these US services.

For companies already using the public cloud or looking into doing so, this is a timely reminder that not all resources are created equal, and that there are factors beyond the purely technical and financial ones that need to be considered. The PRISM story might provide a boost for service providers outside the US, who can carve out a niche for themselves as giving the advantages of public cloud, but in a local or known jurisdiction. This could mean within a specific country, within a wider region such as the EU, or completely offshore. Sealand may have been ahead of its time, but soon enough there must emerge a "Switzerland of the cloud". The argument that only unsavoury types would use such a service doesn't really hold water, given that criminals already have the Russian Business Network and its ilk.

Bottom line, PRISM is nothing new, and it doesn't really bring any new facts. Given the Patriot Act, the sensible assumption had to be that the US government was doing something like this - and so were other technologically sophisticated governments around the world. The only impact it might have is in perception, if it blows up into a big enough story and stays around for long enough. In terms of actual rational grounds for decision-making, my personal expectation is for impact to be extremely limited.