Who do you trust with your internet?
2008-09-03 / 16:21 / dave
“Since passage of the Patriot Act, many companies based outside of the United States have been reluctant to store client information in the U.S.,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “There is an ongoing concern that U.S. intelligence agencies will gather this information without legal process. There is particular sensitivity about access to financial information as well as communications and Internet traffic that goes through U.S. switches.”
“The Net interprets censorship as damage and routes around it.”
I read a paper a few months ago about an ongoing contest to battle different stretegies for handling the prisoner’s dilemma (anyone got the link?). From what I remember, the best strategy was “trust someone until they screw you.”
Well screw you.
On a related note
Bruce Schneier has been telling us for years that we have to think about security like an economist. Don’t know how? Here are some pointers.
I can tell you that this is a huge issue up in Canada. University of Toronto specifically tells profs not to communicate with students who are using Gmail addresses.
Really? Seems extreme… if I hadn’t met you, I would wonder if that were extremely artful trolling (I mean that as a compliment).
Why gmail specifically?
(Sorry about that. I pressed submit a bit too early and didn’t bother qualifying that a bit more)
So it’s not Gmail specifically: they want us to avoid communication with any address other than our @utoronto.ca one. Within CS, the privacy issue is usually brought up first when explaining the policy; for the university in general, it’s certainly a factor but not the only one.
But in general, this is a huge deal for many Canadian companies. As an example, at the newspaper where I work, we’ve discussed the implications of potentially hosting a controversial video on an American server and whether it was worth the risk.
As another example, any software for the health industry will have trouble using American services because there are much higher privacy standards for data up here.
The concept of software as a service is really hampered by things like the Patriot Act; the lack of a guarantee of privacy and non-interference reduces the size of the market that American companies can go after with their self-hosted products.