PRISM update: Cheese, chocolate, credit card companies crackdown

The fallout from the revelation of the NSA’s spying program is gathering pace and has ramifications for the United States, and the other Five Eye’s, bottom line.

Coming to light this week is the fact that credit card companies MasterCard and Visa are taking action against VPN providers and refusing them card access.

VPN provider iPredator is impacted and the founder, Peter Sunde, has said that he “does not believe that the move is to do with piracy, but might be an effort to prevent the public from covering their tracks online and preventing government spying.”

Visa and Mastercard seem to be, on the surface of it, going after VPN providers because the service allow you to get around geo-blocking, the ability for companies to stop you accessing overseas television and entertainment such as NetFlix.

In New Zealand we don’t have access to NetFlix or similar services, we have an expensive, limited, back catalogue of movies at best.

For $5 a month you can buy VPN then use a gift card (or Air New Zealand Global Card) and can access NetFlix for a cool $US10 a month with all you can eat.

MasterCard and Visa seem to be attacking those providers, which is nothing new. There are still legal battles brewing over them cutting off Wikileaks.

The VPN providers, who are sitting on top of a gold rush, are planning a legal offensive against both companies.

Conspiracy theorists point to government pressure being put on Visa and MasterCard to withdraw support of any service that allows anonymisation of you on the internet, because you can’t be spied on.

Meanwhile, Switzerland’s largest national Cloud Provider, ArtMotion, has seen a solid 45% increase in revenue in the past month.

It’s not just them either, other onshore Swiss Cloud services are booming after the NSA revelations. Switzerland has always been seen as a safe place to store your gold and other filthy lucre, anonymously, and now individuals and companies around the world are seeing Switzerland as a safe place to anonymously store their private data from the prying eyes of government.

InternetNZ this week pointed out to the select committee on the impact of the GCSB to the New Zealand ICT industry and failed I think to pick up the one area of most significance (as did I in an earlier blog this week). InternetNZ got a little too technical and drew a long bow saying that people will rush to VPN’s to hide their activities from government. This is true and we see a pickup of VPN sales across most of the planet. The downside to this says InternetNZ, is that encrypted traffic is not compressible and so uses more bandwidth. The counter to that is simple, compress the data before you encrypt it.

The real impact on the New Zealand ICT Industry may be one of lost opportunity.

New Zealand is generally seen as the Switzerland of the Southern Hemisphere.

We are seen as a gentle folk that can neither fight nor fend for themselves.

Oh wait, that’s Hobbits.

But you get the point.

We even have the perfect brand, Aotearoa, The Land of the Long White Cloud.

That is now seriously in jeopardy because of our membership in the Five Eyes community.

Let’s be blunt. We spy for the US, Canada, Australia, and the UK. We are part of PRISM.

That by itself is likely to drive people away from the concept of New Zealand as one of the safest places on the planet to deep archive your data.

The European Union is all over this concept like a frenzied dog. The digital chief of the EU, Neelie Kroes, is using the issue to push hard for a “European Cloud” saying that “If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess, and if I am right then there are multi-billion euro consequences for American companies.”

The EU is particularly angry and you see it in their other responses. A probe has been called for to uncover the extent of the spying, it is reportedly mulling over nullifying data exchange agreements (such as passenger and financial information), and has written to the US demanding answers. Whatever the outcome, the perception is that onshore US Cloud services are not safe.

The truth is, it doesn’t matter where your data is, if it traverses one of the Five Eyes larger countries, it’s being captured by PRISM. If you store all your data in Switzerland but you live in the US, it makes not a jot of difference. The only thing that does is encryption.

Attacks seem to be on the rise on VPNs as well. As I mentioned last month Astrill, one of the largest and most significant VPN services was taken out in an attack that lasted nearly twenty-four hours. Conspiracy theorists point to the US however the truth is likely to be closer to home, Astrill supports a tonne of activists from within China by anonymizing their data, location, and identity.

Finally, an interesting legal test going on in the US over encryption. The Feds believe that one Jeffrey Feldman downloaded child pornography.

The problem is that Feldman has encrypted all his data and the key is in his head.

Originally, a court order was in place whereby he had to hand over that key or go to jail.

However, his lawyer raised a constitutional issue that by giving up his key it may violate the fifth amendment. That being that you don’t have to do anything that might incriminate yourself.

The prosecution has demanded the issue be resolved in case the complainant forgets his key given time is slipping by.

With Snowden on the loose carrying a head full of secrets, the reverberations from PRISM are just going to keep coming.

Ian Apperley is an independent cloud computing consultant. He posts at whatisitwellington.com.